Resubmissions

22-02-2022 16:11

220222-tnddmsahb8 10

19-01-2022 18:29

220119-w5ap7accep 10

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    22-02-2022 16:11

General

  • Target

    scorpionx64.dll

  • Size

    26KB

  • MD5

    8f622f91a72606fb416bd018ebab2a89

  • SHA1

    11570558833ec1e2243fb12d669758e25c85a873

  • SHA256

    7069a8c1c21038a55d8b7c550696198d128cc30965830bada326fc0453fa0580

  • SHA512

    1814c989cf707eb0edcd97971ed3f981a2468ee1f8f0b740922dd1ba0a8a8f7fb6cf9d4c93404013207f2ba593377668234f4f8faa4b855feece4360dda7ec0a

Malware Config

Extracted

Family

icedid

Botnet

3415411565

C2

antnosience.com

seaskysafe.com

Attributes
  • auth_var

    1

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\scorpionx64.dll,#1
    PID: 1692
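The Malware Config and Processes sections above give a detection engineer two things to work with: static indicators (the file hash and the two C2 domains) and a behavioural pattern (rundll32.exe loading a DLL from the user's %TEMP% directory by ordinal export, `,#1`). The block below is an added example, not part of the sandbox report, showing how both can be turned into triage rules over process-creation events. The event records, the benign comparison lines, and the DNS field on the first event are constructed for illustration (the report's process tree shows no network activity); the list of user-writable directories is an assumption to be tuned per environment.

```python
"""Triage rules for the rundll32 loader pattern and IOCs shown in this report.

Added example; the log events below are constructed, not sandbox output.
"""
import re
from dataclasses import dataclass, field

# Indicators taken from the report above.
REPORT_SHA256 = "7069a8c1c21038a55d8b7c550696198d128cc30965830bada326fc0453fa0580"
REPORT_C2 = {"antnosience.com", "seaskysafe.com"}

# Directories a standard user can write to. A DLL executed from one of
# these by rundll32 is a common first-stage loader pattern. Assumption:
# this list is illustrative and should be tuned per environment.
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
    "\\users\\public\\",
)

# rundll32 <dll>,<entry>   where <entry> is an export name or #ordinal.
RUNDLL32_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>#?\w+)',
    re.IGNORECASE,
)


@dataclass
class Finding:
    pid: int
    dll: str
    entry: str
    severity: str
    reasons: list = field(default_factory=list)


def parse_rundll32(cmdline):
    """Return (dll_path, entry_point) for a rundll32 command line, else None."""
    m = RUNDLL32_RE.search(cmdline)
    if m is None:
        return None
    return m.group("dll").strip(), m.group("entry")


def evaluate(event):
    """Apply the rules to one process-creation event.

    event keys: pid, cmdline, and optionally sha256 (of the loaded DLL)
    and dns (domains the process resolved). Returns a Finding or None.
    """
    parsed = parse_rundll32(event["cmdline"])
    if parsed is None:
        return None
    dll, entry = parsed
    reasons = []

    if any(d in dll.lower() for d in USER_WRITABLE_DIRS):
        reasons.append("dll_in_user_writable_path")
    if entry.startswith("#"):
        reasons.append("ordinal_entry_point")
    if event.get("sha256", "").lower() == REPORT_SHA256:
        reasons.append("known_icedid_sha256")
    if REPORT_C2 & {d.lower() for d in event.get("dns", [])}:
        reasons.append("known_icedid_c2")

    if not reasons:
        return None
    ioc_hit = any(r.startswith("known_") for r in reasons)
    if ioc_hit or {"dll_in_user_writable_path", "ordinal_entry_point"} <= set(reasons):
        severity = "high"
    elif "dll_in_user_writable_path" in reasons:
        severity = "medium"
    else:
        severity = "low"  # ordinal alone: many legitimate callers use it
    return Finding(event["pid"], dll, entry, severity, reasons)


def scan(events):
    """Return findings for every event that trips at least one rule."""
    return [f for f in (evaluate(e) for e in events) if f is not None]


# Constructed sample events. The first mirrors the process line in this
# report; its sha256 is the report's file hash and the DNS field is
# assumed for illustration (the report's process tree shows no network).
SAMPLE_EVENTS = [
    {"pid": 1692,
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\scorpionx64.dll,#1",
     "sha256": REPORT_SHA256,
     "dns": ["antnosience.com"]},
    {"pid": 5120,
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"pid": 7001,
     "cmdline": r'rundll32.exe "C:\Users\Admin\Downloads\update.dll",DllRegisterServer'},
    {"pid": 8800,
     "cmdline": r"C:\Windows\System32\notepad.exe C:\Users\Admin\notes.txt"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] pid={f.pid} {f.dll} entry={f.entry} reasons={f.reasons}")
```

The hash and domain rules are brittle by design (a rebuilt DLL or rotated C2 defeats them), which is why the path-plus-ordinal behavioural rule carries its own "high" severity: it is what the report's process line shows, and it survives indicator rotation. An ordinal entry point on its own is only scored "low", since legitimate rundll32 invocations of system DLLs use ordinals too.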

Downloads

  • memory/1692-54-0x0000000000290000-0x00000000002C7000-memory.dmp
    Filesize
    220KB