Resubmissions

22-02-2022 16:12

220222-tntevsbhhn 10

29-12-2021 13:24

211229-qnl41aehd6 10

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    22-02-2022 16:12

General

  • Target

    coin_.dll

  • Size

    168KB

  • MD5

    86ca4e1a615a597f75680a65ed980c29

  • SHA1

    c7ac192295f1d32f550558f1e92373e23949f721

  • SHA256

    477bce9457c040cd69f4853b20e1b3de3957f15ca39d2a2d95bb8e1153d0d0bd

  • SHA512

    2ad88296cfbdb5af9865a575f1460178b449c96f46434d276c93d450087dba0f4fc3defe6659f1115fd77413f445486c4069c3ded8809f73dd3614608f3b75f2

Malware Config

Extracted

Family

icedid

Botnet

4221486031

C2

xijsry.com

zanokiryq.com

gladmitter.com

Attributes
  • auth_var

    3

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\coin_.dll,#1
    PID: 308

Downloads

  • memory/308-54-0x0000000000130000-0x0000000000135000-memory.dmp

    Filesize

    20KB