Resubmissions

22-02-2022 16:12

220222-tngfasahc2 10

17-01-2022 15:06

220117-sg5zmsagg4 10

Analysis

  • max time kernel
    135s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    22-02-2022 16:12

General

  • Target

    scan_x32.dll

  • Size

    112KB

  • MD5

    3b89fae14077485209480f448bc6154d

  • SHA1

    0006d7bfefe42a3f1714653c1b14ad292a12baae

  • SHA256

    7338986761ad8de5fa5dabd42d85b08aa72f38fa5265840686f04d7de96a5016

  • SHA512

    8eb99ae51d2e10056061784d464b88351404b0d1272b9c1e4a2db2fba1610688d39511559af38ca24a5ea2be165017abcc7827d21525dc7fb050c6b335b03f62

Malware Config

Extracted

Family

icedid

Botnet

302245654

C2

imilarquestio.top

heywanted.top

minimike.quest

alsohavethis.top

Attributes
  • auth_var

    3

  • url_path

    /posts/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\scan_x32.dll,#1
    PID: 5112

Network

MITRE ATT&CK Matrix

Downloads

  • memory/5112-130-0x0000021078DA0000-0x0000021078DD7000-memory.dmp

    Filesize

    220KB