icedid | e9d773366bcb19d4f69a9996c8eab48bdf7fb51097cf1613d8705b9c25dfe263 | Triage

Submit
Reports

Overview

overview

Static

static

sentence_x64.dat.dll

windows7_x64

sentence_x64.dat.dll

windows11_x64

sentence_x64.dat.dll

windows10_x64

Analysis

max time kernel
2s
max time network
0s
platform
windows7_x64
resource
win7-en-20211104
submitted
25-11-2021 12:25

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

sentence_x64.dat.dll

Resource

win7-en-20211104

icedid 1217670233 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

sentence_x64.dat.dll

Resource

win11

icedid 1217670233 banker persistence trojan

windows11_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

sentence_x64.dat.dll

Resource

win10-en-20211014

icedid 1217670233 banker trojan

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

sentence_x64.dat.dll
Size

83KB
MD5

10d53f2baf0cc1321090e01201be84ab
SHA1

153931308c62f6104d7c55c5690ed952833af6ac
SHA256

e9d773366bcb19d4f69a9996c8eab48bdf7fb51097cf1613d8705b9c25dfe263
SHA512

435451c84aba99d9b80c304a37e00eadc7bc11c583bc10c6c45e18a37fc223815218b8877cac1db079983b7ce696a03f487bd501bc7e32815e02335995616e00

Score

10^/10

icedid 1217670233 banker trojan

Malware Config

Extracted

Family

icedid

Botnet

1217670233

C2

parkerrsberg.site

2sekillo.pw

subdibermarine.pw

zoplasure.top

Attributes

auth_var
2
url_path
/posts/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\sentence_x64.dat.dll,#1
1⤵
PID:1452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1452-55-0x0000000000110000-0x0000000000147000-memory.dmp

Filesize
220KB

Download

© 2018-2024

Terms | Privacy