Overview

overview

10

Static

static

4bac.dll

windows7_x64

10

4bac.dll

windows10_x64

10

Analysis

  • max time kernel
    110s
  • max time network
    126s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    01-12-2021 15:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4bac.dll

  • Size

    251KB

  • MD5

    96963fac815bf1862e495f960ea21131

  • SHA1

    28f8fed8986b69e0510a9f60c7cbe974468b5ab0

  • SHA256

    6f8c2dcbd58f688b31f830ed801128bdb7535ecc2ea8a8bedf415efd0eb4aa59

  • SHA512

    55242d566b364360072c322c4ef7832051de13dad4d0c15f6ac353b04ef0f3b6eba4ba67923564610221fd5b5fd525c63fb59415796e792ae4c234214b4eb630

Score
10/10
icedid1892568649bankersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1892568649

C2

normyils.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4bac.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2968-118-0x00000000020B0000-0x0000000002113000-memory.dmp
    Filesize

    396KB

    Download