icedid | 8434de0f49c5c8455672393e728ae09c3e4e11742a9ad58cc36b2dffd0cba55d | Triage

Submit
Reports

Overview

overview

Static

static

8434de0f49...5d.dll

windows7_x64

8434de0f49...5d.dll

windows10_x64

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-en-20211104
submitted
01-12-2021 16:53

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

8434de0f49c5c8455672393e728ae09c3e4e11742a9ad58cc36b2dffd0cba55d.dll

Resource

win7-en-20211104

icedid 256587737 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8434de0f49c5c8455672393e728ae09c3e4e11742a9ad58cc36b2dffd0cba55d.dll

Resource

win10-en-20211104

icedid 256587737 banker trojan

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

8434de0f49c5c8455672393e728ae09c3e4e11742a9ad58cc36b2dffd0cba55d.dll
Size

159KB
MD5

1179fd19e9fa97eb607943ce9f3f1528
SHA1

d166ecc892afa5b75f40ce58ff91e29dc24408b9
SHA256

8434de0f49c5c8455672393e728ae09c3e4e11742a9ad58cc36b2dffd0cba55d
SHA512

a33c8b6c073dca360b73620839a33e74978eded8a917759d8f4661b3eff107ba88d1f4ab22ea2aff70c28c687d1f96d62dece61bb625de3c0615626d96663585

Score

10^/10

icedid 256587737 banker trojan

Malware Config

Extracted

Family

icedid

Botnet

256587737

C2

berrowernew.casa

gambitsniper.digital

desantogambito.agency

xantummassacre.golf

naturolinf.top

mikugivetonik.top

Attributes

auth_var
11
url_path
/news/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

Processes

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8434de0f49c5c8455672393e728ae09c3e4e11742a9ad58cc36b2dffd0cba55d.dll
1⤵
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-55-0x000007FEFC071000-0x000007FEFC073000-memory.dmp

Filesize
8KB

Download
memory/2040-56-0x00000000004C0000-0x00000000004C5000-memory.dmp

Filesize
20KB

Download

© 2018-2024

Terms | Privacy