Resubmissions

18-10-2021 21:00

211018-ztfc3sefh8 (score 10)

Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    18-10-2021 21:00

General

  • Target

    core/diary_64.dat.dll

  • Size

    114KB

  • MD5

    65133fbf755d46ddf03669c857ca7cb6

  • SHA1

    d50ba0e6064550837502479f1bc98c46b98f0274

  • SHA256

    ec70e9f9b4ab8635865f69b0a024b86bcc5483d29d5d8094365e98f349f82a29

  • SHA512

    6957cf6963c1753469bfdd5c68abc5c08916eb306519027082afab609eb0bf5e82bb881d38c9cc37c1794babbb7110e59c70221ad58992984f9bc82cd0c21a85

Malware Config

Extracted

  • Family

    icedid

  • Botnet

    1217670233

  • C2

    nnelforwfin.top
    viewsketplctly.fun
    omersure.space
    ferfreenights.site

  • Attributes

    auth_var: 3
    url_path: /posts/
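The extracted config above gives four C2 domains, a url_path and the sample's file hashes. The following is an added example, not Triage's own code or part of the report: it turns those values into indicators and scans proxy log lines for them. The log format and the sample log lines are constructed for illustration; the domains, path and hashes are the ones shown on this page.

```python
"""Turn the extracted IcedID config into matchable indicators and scan
constructed proxy log lines for them.

Added example for this report, not Triage's own code.  The C2 domains,
url_path and file hashes are the values shown on this page; the log format
and the sample log lines are constructed for illustration.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators copied from the Malware Config and General sections above.
C2_DOMAINS = frozenset({
    "nnelforwfin.top",
    "viewsketplctly.fun",
    "omersure.space",
    "ferfreenights.site",
})
URL_PATH = "/posts/"
FILE_HASHES = {
    "65133fbf755d46ddf03669c857ca7cb6": "md5",
    "d50ba0e6064550837502479f1bc98c46b98f0274": "sha1",
    "ec70e9f9b4ab8635865f69b0a024b86bcc5483d29d5d8094365e98f349f82a29": "sha256",
}

# Constructed (hypothetical) proxy log format:
#   <timestamp> <client_ip> <method> <url> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


@dataclass(frozen=True)
class Hit:
    client: str
    host: str
    path: str
    reason: str


def host_matches(host: str, domains=C2_DOMAINS) -> bool:
    """True for an exact C2 domain or any subdomain of one (case-insensitive,
    trailing dot tolerated).  Plain substring matching is avoided so that
    e.g. 'notomersure.space' is not a hit."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def match_file_hash(hexdigest: str, known=FILE_HASHES):
    """Return the algorithm name if the digest is one of the sample's hashes."""
    return known.get(hexdigest.strip().lower())


def scan_proxy_logs(lines, domains=C2_DOMAINS, url_path=URL_PATH):
    """Return a Hit for every request to a C2 domain.  A request whose path
    also starts with the extracted url_path is flagged separately, since the
    combination is the stronger indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than crash
        parts = urlsplit(m["url"])
        host = parts.hostname or ""
        path = parts.path or "/"
        if not host_matches(host, domains):
            continue
        reason = "c2_domain+url_path" if path.startswith(url_path) else "c2_domain"
        hits.append(Hit(m["client"], host.lower(), path, reason))
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOGS = [
    "2021-10-18T21:00:03Z 10.0.0.5 GET https://nnelforwfin.top/posts/?id=1 200",
    "2021-10-18T21:00:04Z 10.0.0.5 GET https://www.example.com/index.html 200",
    "2021-10-18T21:00:09Z 10.0.0.7 GET https://cdn.omersure.space/posts/ 200",
    "2021-10-18T21:00:10Z 10.0.0.9 GET https://ferfreenights.site/favicon.ico 404",
    "2021-10-18T21:00:11Z 10.0.0.9 GET https://notomersure.space/posts/ 200",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in scan_proxy_logs(SAMPLE_LOGS):
        print(hit)
    print(match_file_hash("EC70E9F9B4AB8635865F69B0A024B86BCC5483D29D5D8094365E98F349F82A29"))
```

Matching on host plus url_path rather than on the path alone matters here: `/posts/` is a common path on legitimate sites, so on its own it would be noisy.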

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\diary_64.dat.dll,#1
    1⤵
      PID:1336
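The process tree shows the sample executed through rundll32.exe, with the DLL loaded by ordinal (`#1`) from a user-writable Temp directory and carrying a double extension (`.dat.dll`). The following is an added example, not Triage's own code or part of the report: it parses rundll32 command lines and flags those three traits. The first sample command line is the one shown above; the remaining command lines are constructed.

```python
"""Flag rundll32 command lines like the one in the process tree above:
a DLL loaded by ordinal (#1) from a user-writable path, with a double
extension (.dat.dll).

Added example for this report, not Triage's own code.  The first sample
command line is the one shown in the process tree; the others are constructed.
"""
import re
from typing import Optional, Tuple

# Entry point given as an ordinal ("#1") rather than an exported name.
ORDINAL_RE = re.compile(r"^#\d+$")
# DLL sitting under a user profile's AppData (Temp lives under Local).
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\(local|roaming)\\", re.IGNORECASE)
# A data-looking extension followed by .dll, as in diary_64.dat.dll.
DOUBLE_EXT_RE = re.compile(r"\.(dat|txt|jpg|png|tmp|bin|log)\.dll$", re.IGNORECASE)


def parse_rundll32(cmdline: str) -> Optional[Tuple[str, str]]:
    """Split 'rundll32.exe <dll>,<entry> [args]' into (dll, entry).
    Returns None when the image is not rundll32 or there is no DLL argument.
    Handles a quoted DLL path containing spaces."""
    parts = cmdline.strip().split(None, 1)
    if len(parts) < 2:
        return None
    image = parts[0].strip('"').lower()
    if not (image.endswith("rundll32.exe") or image.endswith("rundll32")):
        return None
    rest = parts[1].strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        if end == -1:
            return None
        dll, tail = rest[1:end], rest[end + 1:]
    else:
        dll = rest.split(None, 1)[0]
        tail = rest[len(dll):]
    # rundll32 separates DLL and entry point with a comma; it is glued to the
    # path in the unquoted form or follows the closing quote in the quoted one.
    if "," in dll:
        dll, _, after = dll.partition(",")
        tail = after + tail
    tail = tail.lstrip(", ")
    entry = tail.split(None, 1)[0] if tail else ""
    return dll, entry


def rundll32_findings(cmdline: str):
    """Return the list of suspicious traits found in one command line."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return []
    dll, entry = parsed
    findings = []
    if ORDINAL_RE.match(entry):
        findings.append("ordinal_export")
    if USER_WRITABLE_RE.search(dll):
        findings.append("user_writable_path")
    if DOUBLE_EXT_RE.search(dll):
        findings.append("double_extension")
    return findings


def triage_cmdlines(cmdlines):
    """Map each command line to its findings, keeping only lines with any."""
    result = {}
    for cmd in cmdlines:
        findings = rundll32_findings(cmd)
        if findings:
            result[cmd] = findings
    return result


SAMPLE_CMDLINES = [
    # From the process tree above.
    r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\diary_64.dat.dll,#1",
    # Constructed benign lines (not from the report).
    r"C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL",
    r'C:\Windows\System32\rundll32.exe "C:\Program Files\Vendor\helper.dll",Register /quiet',
    r"C:\Windows\System32\notepad.exe C:\Users\Admin\AppData\Local\Temp\notes.txt",
]

if __name__ == "__main__":
    for cmd, findings in triage_cmdlines(SAMPLE_CMDLINES).items():
        print(findings, cmd)
```

Each trait alone is weak (installers legitimately call rundll32 with named exports, and some load DLLs from AppData), so alert on the combination rather than on any single finding; the sample above trips all three.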

Downloads

  • memory/1336-54-0x0000000001AC0000-0x0000000001AF7000-memory.dmp

    Filesize

    220KB

    Memory region dumped from PID 1336 (the rundll32.exe process above); 0x1AF7000 - 0x1AC0000 = 0x37000 bytes, i.e. 220 KiB.