Analysis

  • max time kernel: 123s
  • max time network: 130s
  • platform: windows7_x64
  • resource: win7-en-20211104
  • submitted: 01-12-2021 12:57

General

  • Target: excuse64.dat.dll
  • Size: 113KB
  • MD5: 536632a5b6a1cc4b633a4ac6cbbc50d2
  • SHA1: 2657fbe364ed295c49beece438a9d37c2f0469dd
  • SHA256: 2e71372399e5856b9905a9ca13815ab6a0ab8925a2f8a0b0831b17e5b55ec0f3
  • SHA512: bed289efdb8bfcd68d44d2cb13f0430e6780476a208ada4258f1dacf492c46336da295e4690f2b691793610e124d29bee5444af4aeeaadc9a6e6e094e7d4b87f

Malware Config

Extracted

  • Family: icedid
  • Botnet: 1892568649
  • C2:
      baeswea.com
      bersaww.com
  • Attributes:
      auth_var: 10
      url_path: /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

Processes

  • C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\excuse64.dat.dll,#1
    PID: 1160


Downloads

  • memory/1160-55-0x0000000000110000-0x0000000000147000-memory.dmp
    Filesize: 220KB