icedid | d4f52ddbdadca2e2efc4e63e2349fdf981326136ec07df787773385d6c87b32a | Triage

Submit
Reports

Overview

overview

Static

static

core.bat

windows7_x64

core.bat

windows10_x64

slab-64.tmp.dll

windows7_x64

slab-64.tmp.dll

windows10_x64

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-en-20211104
submitted
02-12-2021 11:50

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

core.bat

Resource

win7-en-20211014

icedid 1892568649 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

core.bat

Resource

win10-en-20211014

icedid 1892568649 banker collection spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

slab-64.tmp.dll

Resource

win7-en-20211104

icedid 1892568649 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

slab-64.tmp.dll

Resource

win10-en-20211104

icedid 1892568649 banker trojan

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

slab-64.tmp.dll
Size

124KB
MD5

e53f86eb06a67783781202b471580c82
SHA1

dc541cee7c0b810da890fa3ea0923599140a1561
SHA256

0a795eb53d21799c975e4f4c0ca3817960d85278faec68a04882216f1e3a3020
SHA512

175243cc7ec631c3128d7fc7c53244e7f8c2abe878393569746b57bea12a04005fb0734170e738384a60e14322eec1ee7ddd5d1661e62ba469a547592b4d197f

Score

10^/10

icedid 1892568649 banker trojan

Malware Config

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

Attributes

auth_var
10
url_path
/news/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\slab-64.tmp.dll,#1
1⤵
PID:764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/764-55-0x00000000001A0000-0x00000000001D7000-memory.dmp

Filesize
220KB

Download

© 2018-2024

Terms | Privacy