icedid | c340ae2dde2bd8fbae46b15abef0c7e706fe8953c837329bde409959836d6510 | Triage

Submit
Reports

Overview

overview

Static

static

Giowcosi64.dll

windows7_x64

Giowcosi64.dll

windows10_x64

Analysis

max time kernel
121s
max time network
125s
platform
windows10_x64
resource
win10-en-20211104
submitted
02-12-2021 03:18

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

Giowcosi64.dll

Resource

win7-en-20211014

icedid 1892568649 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Giowcosi64.dll

Resource

win10-en-20211104

icedid 1892568649 banker trojan

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

Giowcosi64.dll
Size

113KB
MD5

8afee9d09b791bffd2372931cc9060ba
SHA1

fe27de2819b394e2b0824dd28531a4ab914aa855
SHA256

c340ae2dde2bd8fbae46b15abef0c7e706fe8953c837329bde409959836d6510
SHA512

7e13ae3e0a1c783ad19e34be8a921473b239eb21d66301a21a325aa245b5930f907182688ed819aef4cc85a0e1b4f407b5a76a40c907f8fb4eb0280e363d400e

Score

10^/10

icedid 1892568649 banker trojan

Malware Config

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

Attributes

auth_var
10
url_path
/news/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Giowcosi64.dll,#1
1⤵
PID:4024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4024-118-0x000001CDE35F0000-0x000001CDE3627000-memory.dmp

Filesize
220KB

Download

© 2018-2024

Terms | Privacy