Overview

overview

10

Static

static

c5169e0fa3...bc.dll

windows7_x64

10

c5169e0fa3...bc.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    129s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    20-02-2022 13:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c5169e0fa3ddc3c4ba3e71ba9e7d9bbc.dll

  • Size

    608KB

  • MD5

    c5169e0fa3ddc3c4ba3e71ba9e7d9bbc

  • SHA1

    51ef539bea4b7cd86c7d5eecd85bee70918f704f

  • SHA256

    abe63be5854813b62f29876a2480cb2ed1eae4d9dcd51596390b62c2befc0988

  • SHA512

    9e858ac59a6a9ab7b4d8d035f31904d72b4312a31f7d267628de80ea22dc2731a06b57f9ec3a6abea3984e4026389e0c43781105e32c8e58e12bbf380d9029ca

Score
10/10
icedid1117948791bankertrojan

Malware Config

Extracted

Family

icedid

Campaign

1117948791

C2

reseptors.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Drops file in Windows directory 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c5169e0fa3ddc3c4ba3e71ba9e7d9bbc.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2208
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1352-131-0x0000025E0D580000-0x0000025E0D590000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1352-130-0x0000025E0D520000-0x0000025E0D530000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1352-132-0x0000025E0FC60000-0x0000025E0FC64000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2208-133-0x00000000026A0000-0x00000000026AE000-memory.dmp

    Filesize

    56KB

    Download