Overview

overview

10

Static

static

also_x64.dll

windows7_x64

10

also_x64.dll

windows10-2004_x64

10

core.bat

windows7_x64

10

core.bat

windows10-2004_x64

10

Resubmissions

22-02-2022 16:13

220222-tn221acaak 10

21-12-2021 17:49

211221-wd1sasfadr 10

Analysis

  • max time kernel
    122s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    22-02-2022 16:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    also_x64.dll

  • Size

    111KB

  • MD5

    b5f6cf31669b934da14ffa6fddf5dd3e

  • SHA1

    a09b486da87cf834b57dfe955605d6cc7a8df0f1

  • SHA256

    a32eae0d939f077c13c8f96e59e7c03fc3256f17992b11fcf7df81041fa156ee

  • SHA512

    3bef955dcb84029859955af1bb0b9c6b68371306367a628c110076d747373e6ead51f84fa9191d5ceac4c2c7e217c2d462df1e539411ab41bb4181d8662f63bd

Score
10/10
icedid1892568649bankertrojan

Malware Config

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

biglaneat.com

northspaceline.co
Attributes
  • auth_var

    11

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\also_x64.dll,#1
    1⤵
      PID:1628

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1628-55-0x00000000003B0000-0x00000000003B5000-memory.dmp

      Filesize

      20KB

      Download