Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    07-05-2021 10:36

General

  • Target

    6f57eb37bff30df1a66f848cb648799536dcbc05f6fb3.dll

  • Size

    234KB

  • MD5

    dfa62565b68736dc443386d68388b269

  • SHA1

    d64a755f001658c7bc037049259f23807105d8ba

  • SHA256

    6f57eb37bff30df1a66f848cb648799536dcbc05f6fb32d1ae071102ffd830ee

  • SHA512

    f6d4858e069016e763b4a7dc193742b7eb841f2409a3c03058255006978b7deb586fff0dd1be3b7cbef03d55fe917507876cbf34d2a0c828fe03a0845f363bee

Malware Config

Extracted

Family

icedid

Campaign

3042509645

C2

dsedertyhuiokle.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6f57eb37bff30df1a66f848cb648799536dcbc05f6fb3.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/636-114-0x0000000001E50000-0x0000000001E96000-memory.dmp

    Filesize

    280KB