icedid | 42c0472e0b339aa985294f023b09df0fcae3c1bdc4760bbd0a39e749a2972df3 | Triage

Submit
Reports

Overview

overview

Static

static

core.bat

windows7_x64

core.bat

windows10_x64

middlex64.dat.dll

windows7_x64

middlex64.dat.dll

windows10_x64

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-en-20211104
submitted
30-11-2021 18:37

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

core.bat

Resource

win7-en-20211104

icedid 1217670233 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

core.bat

Resource

win10-en-20211014

icedid 1217670233 banker trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

middlex64.dat.dll

Resource

win7-en-20211104

icedid 1217670233 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

middlex64.dat.dll

Resource

win10-en-20211014

icedid 1217670233 banker trojan

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

middlex64.dat.dll
Size

119KB
MD5

e5407acfe1ba6b264851752751bfdfc7
SHA1

7534d5b6a43064cfd1677091ad39ac7b6099b292
SHA256

ed4d19d3536e4c968425769edfad39459e7edf3ae7bc0246cc2163f656e85d68
SHA512

b470f9e2721b008e7fef10069443082f70f04f200dccad3166d3f7252aa98ba9cf7649201651c5e65f33c3e6bdd6ee2279a0500c4bc34aea304513ac442658fd

Score

10^/10

icedid 1217670233 banker trojan

Malware Config

Extracted

Family

icedid

Botnet

1217670233

C2

lakogrefop.rest

hangetilin.top

follytresh.co

roadswendy.top

Attributes

auth_var
18
url_path
/posts/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\middlex64.dat.dll,#1
1⤵
PID:1576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1576-55-0x0000000001B40000-0x0000000001B77000-memory.dmp

Filesize
220KB

Download

© 2018-2024

Terms | Privacy