Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    21-02-2022 09:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32f0ac02aaf4403016b8228a3cdcfe079c2935f0881205446cdde768a5f27544.dll

  • Size

    490KB

  • MD5

    ca63c50f69e4849a088956f1f84e7895

  • SHA1

    1bcc2ff3a4a5109ad91ccb33c93b7dfdd82cc14b

  • SHA256

    32f0ac02aaf4403016b8228a3cdcfe079c2935f0881205446cdde768a5f27544

  • SHA512

    9874a6ea734b6ed8a029d33574e4676f86f1a21b1eef18a1b92f3e99d75b0e2d5f2dc33b4bb9ec64142457816a15c715f3c63f7e9564245480d0f54b0a39f2c9

Score
10/10
icedid3467965077bankersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\32f0ac02aaf4403016b8228a3cdcfe079c2935f0881205446cdde768a5f27544.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1304-114-0x0000000000580000-0x000000000058E000-memory.dmp

    Filesize

    56KB

    Download