Analysis

  • max time kernel
    111s
  • max time network
    126s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    30-11-2021 20:28

General

  • Target

    e69be5090c016693c2ce32c1715ea63343b0aa0786b550e0b8e7e03cafd8192c.dll

  • Size

    150KB

  • MD5

    86ffc3e8109c063899c64fc89d971607

  • SHA1

    044553d2951157f10cbd308bbd655b8b123914ee

  • SHA256

    e69be5090c016693c2ce32c1715ea63343b0aa0786b550e0b8e7e03cafd8192c

  • SHA512

    35cd134e0a735b52cb6c6f2a47556a315af242cb3720f0c1233647e0375137e588e4e7d4ac874b5ede37db572e0546774764eff4df110b3c2bafa75e26a9a30a

Malware Config

Extracted

Family

icedid

Campaign

1677997313

C2

nermorell.com

Signatures

  • IcedID, BokBot

    IcedID (also tracked as BokBot) is a banking trojan capable of stealing credentials; it is also commonly used as an initial-access loader that fetches follow-on payloads from its C2.

  • suricata: ET MALWARE Win32/IcedID Request Cookie

    Suricata alert from the Emerging Threats ruleset for the distinctive Cookie header in IcedID's HTTP check-in request, consistent with the C2 domain extracted above.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e69be5090c016693c2ce32c1715ea63343b0aa0786b550e0b8e7e03cafd8192c.dll
    • Suspicious behavior: EnumeratesProcesses
    PID: 3084

Network

MITRE ATT&CK Matrix


Downloads

  • memory/3084-118-0x0000000002970000-0x00000000029D3000-memory.dmp
    Filesize

    396KB
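As an added example (not part of the sandbox report or of the tooling that produced it), the following Python turns the report's indicators into a hunt: it flags the silent regsvr32 registration of a DLL from a user's Temp directory shown in the process tree, matches the extracted C2 domain in DNS events, checks file bytes against the listed hashes, and parses the memory-dump name to confirm that the region 0x2970000-0x29D3000 is the 396KB stated above. The JSON-lines events are constructed for the example, not taken from the run, and the event field names (type, pid, cmdline, sha256, query) are assumptions about an EDR export format.

```python
"""Hunt for the report's indicators: the regsvr32 /s loader pattern from the
process tree, the extracted C2 domain, the sample hashes, and the memory
region named by the dump.  Added example; the events below are constructed,
not taken from the sandbox run."""
import hashlib
import json
import re
import shlex

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "86ffc3e8109c063899c64fc89d971607",
    "sha1": "044553d2951157f10cbd308bbd655b8b123914ee",
    "sha256": "e69be5090c016693c2ce32c1715ea63343b0aa0786b550e0b8e7e03cafd8192c",
}
C2_DOMAINS = {"nermorell.com"}

# A DLL under any user's %LOCALAPPDATA%\Temp, as in the process tree.
TEMP_DLL_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\.+\.dll$", re.IGNORECASE
)
# Dump names look like <pid>-<n>-0x<start>-0x<end>-memory.dmp.
DUMP_RE = re.compile(
    r"^(?:memory/)?(\d+)-\d+-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$", re.IGNORECASE
)


def is_silent_regsvr32_of_temp_dll(cmdline: str) -> bool:
    """True for 'regsvr32 /s <dll in a user Temp dir>' (either flag style, optional quoting)."""
    argv = shlex.split(cmdline, posix=False)  # Windows-style: keeps backslashes and quotes
    if not argv:
        return False
    image = argv[0].strip('"').rsplit("\\", 1)[-1].lower()
    if image not in ("regsvr32", "regsvr32.exe"):
        return False
    flags = {a.lower().replace("-", "/") for a in argv[1:] if a[:1] in "/-"}
    paths = [a.strip('"') for a in argv[1:] if a[:1] not in "/-"]
    return "/s" in flags and any(TEMP_DLL_RE.match(p) for p in paths)


def hash_hits(data: bytes) -> set:
    """Which of the report's hashes the given file content matches."""
    return {alg for alg, h in SAMPLE_HASHES.items()
            if hashlib.new(alg, data).hexdigest() == h}


def dump_region(name: str):
    """(pid, start, end, size) parsed from a dump file name; size should equal the report's Filesize."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    pid, start, end = int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)
    return pid, start, end, end - start


def hunt(events):
    """Return (pid, reason) for every JSON-lines event matching an indicator."""
    hits = []
    for line in events:
        ev = json.loads(line)
        if ev["type"] == "process":
            if ev.get("sha256") == SAMPLE_HASHES["sha256"]:
                hits.append((ev["pid"], "known sample hash"))
            if is_silent_regsvr32_of_temp_dll(ev["cmdline"]):
                hits.append((ev["pid"], "regsvr32 /s of DLL in user Temp"))
        elif ev["type"] == "dns" and ev["query"].lower().rstrip(".") in C2_DOMAINS:
            hits.append((ev["pid"], "DNS query for IcedID C2 " + ev["query"]))
    return hits


# Constructed events shaped like a JSON-lines EDR export (assumed format, not from the sandbox).
SAMPLE_EVENTS = [
    r'{"type":"process","pid":3084,"cmdline":"regsvr32 /s C:\\Users\\Admin\\AppData\\Local\\Temp\\e69be5090c016693c2ce32c1715ea63343b0aa0786b550e0b8e7e03cafd8192c.dll","sha256":"e69be5090c016693c2ce32c1715ea63343b0aa0786b550e0b8e7e03cafd8192c"}',
    r'{"type":"process","pid":4120,"cmdline":"regsvr32.exe \"C:\\Program Files\\Vendor\\lib.dll\"","sha256":"00"}',
    r'{"type":"dns","pid":3084,"query":"nermorell.com"}',
    r'{"type":"dns","pid":512,"query":"www.microsoft.com"}',
]

if __name__ == "__main__":
    for pid, why in hunt(SAMPLE_EVENTS):
        print(pid, why)
    print(dump_region("memory/3084-118-0x0000000002970000-0x00000000029D3000-memory.dmp"))
```

The command-line check keys on the behaviour rather than the file name, since the DLL name in the report is just its SHA256 and will differ per delivery; a legitimate `regsvr32.exe` registering a DLL from Program Files (the second constructed event) does not fire. The dump region is unbacked memory in the regsvr32 process, which is where an unpacked IcedID stage would be expected, so its size is worth cross-checking against the dump listing.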