Resubmissions

22-02-2022 16:13

220222-tn54naahe4 (score 10/10)

16-12-2021 20:28

211216-y9dzhschb2 (score 10/10)

Analysis

  • max time kernel
    122s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    22-02-2022 16:13

General

  • Target

    disagree_64.dll

  • Size

    103KB

  • MD5

    6837a588065ef9365f0aea36f5d55d87

  • SHA1

    c2cfda21f94897fbde9860f2aa52226666861afe

  • SHA256

    b633239177bf929bcd2a9f043afa4e372d310d100eed7512733091f2e8a39371

  • SHA512

    83d70ae29404145e73fde3df503204c47601545189df2e6c9887d6eaa2081d59c54b96784772f036807883e3300d95fb3ff7f0045fbc37e079142f153d80a9fa

Malware Config

Extracted

Family

icedid

Botnet

3106999479

C2

balliordan.com

oprenfirst.com

loremurs.com

Attributes
  • auth_var

    17

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID (also tracked as BokBot) is a modular banking trojan that steals credentials; the botnet ID, C2 domains and url_path in the extracted configuration above are its beaconing parameters.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\disagree_64.dll,#1
    PID: 1500
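The extracted configuration (C2 domains, url_path) and the rundll32 command line in the process tree are the indicators a responder would turn into detections. The Python below is an added example, not part of the sandbox report or of any tooling the report describes: it matches constructed proxy and process-creation log lines against those indicators. The log formats, the reading of url_path as the request path the bot uses, and the list of user-writable directories are assumptions, not something the report states; the rundll32-by-ordinal check is written generally so it also catches other DLLs loaded the same way.

```python
"""Turn the IoCs from the sandbox report into checks over log lines.

Indicators (domains, url_path, the rundll32 command line) are copied from
the report; the log lines below are constructed examples, not sandbox output.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

C2_DOMAINS = frozenset({"balliordan.com", "oprenfirst.com", "loremurs.com"})
URL_PATH = "/news/"  # url_path attribute; assumed to be the request path the bot uses

# Constructed proxy log, one request per line: "<epoch> <client> <method> <url> <status>"
PROXY_LOG = """\
1645546401 10.0.0.5 GET http://www.example.com/index.html 200
1645546402 10.0.0.5 GET http://balliordan.com/news/ 200
1645546403 10.0.0.7 GET http://cdn.loremurs.com/news/ 200
1645546404 10.0.0.9 GET http://oprenfirst.com.example.org/news/ 200
1645546405 10.0.0.5 GET http://loremurs.com/favicon.ico 404
"""

# Constructed process-creation log: "<pid>\t<image>\t<command line>".
# The first entry reproduces the process tree from the report; the rest are made up.
PROCESS_LOG = (
    "1500\tC:\\Windows\\system32\\rundll32.exe\t"
    "rundll32.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\disagree_64.dll,#1\n"
    "2210\tC:\\Windows\\system32\\rundll32.exe\t"
    "rundll32.exe C:\\Windows\\System32\\shell32.dll,Control_RunDLL\n"
    "2300\tC:\\Windows\\system32\\rundll32.exe\t"
    "rundll32.exe \"C:\\Users\\Public\\update.dll\",#2\n"
)

# rundll32 given a DLL whose export is referenced by ordinal (",#N") rather than by name
ORDINAL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*#(?P<ordinal>\d+)', re.I
)
# Directories an unprivileged user can write to (assumed list; extend per environment)
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\", "\\downloads\\")


@dataclass(frozen=True)
class Hit:
    line: str
    reason: str


def _c2_domain_match(host: str) -> str | None:
    """Return the C2 domain that host equals or is a subdomain of, else None.

    Suffix matching on a dot boundary avoids substring false positives such as
    'oprenfirst.com.example.org'.
    """
    host = host.lower().rstrip(".")
    for dom in C2_DOMAINS:
        if host == dom or host.endswith("." + dom):
            return dom
    return None


def scan_proxy_log(text: str) -> list[Hit]:
    """Flag requests to a C2 domain; note when the path also matches url_path."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line, skip rather than guess
        parsed = urlparse(fields[3])
        dom = _c2_domain_match(parsed.hostname or "")
        if dom is None:
            continue
        reason = f"C2 domain {dom}"
        if parsed.path.startswith(URL_PATH):
            reason += f", url_path {URL_PATH}"
        hits.append(Hit(line, reason))
    return hits


def scan_process_log(text: str) -> list[Hit]:
    """Flag rundll32 loading a DLL by ordinal from a user-writable directory."""
    hits = []
    for line in text.splitlines():
        try:
            pid, _image, cmdline = line.split("\t", 2)
        except ValueError:
            continue
        m = ORDINAL_RE.search(cmdline)
        if not m:
            continue
        dll = m.group("dll")
        if any(d in dll.lower() for d in USER_WRITABLE):
            hits.append(Hit(line, f"pid {pid}: rundll32 loads {dll} by ordinal "
                                  f"#{m.group('ordinal')} from a user-writable path"))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG) + scan_process_log(PROCESS_LOG):
        print(f"{hit.reason}\n    {hit.line}")
```

Of the five proxy lines, three are flagged (the look-alike host oprenfirst.com.example.org is not), and only the report's own command line and the constructed Users\Public case trip the process check; shell32.dll called by export name from System32 does not.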

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1500-55-0x00000000001B0000-0x00000000001B5000-memory.dmp

    Filesize

    20KB