Resubmissions

22-02-2022 16:12

220222-tnypksahd6 10

24-12-2021 02:56

211224-de79nacbe7 10

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    22-02-2022 16:12

General

  • Target

    bless-.dll

  • Size

    330KB

  • MD5

    dd2b6d7007ee249c0679b52d306dc421

  • SHA1

    13f44e5f9c05a4c8b2b7655722ab36619642c858

  • SHA256

    c8cd2a2b0767b5220f9fbc6ae9b99ba97a9ebaae252146e6c9b395180fc7dc4c

  • SHA512

    c6003888ab5d03a6b47b5340c845d935c5a0d90e8b67d56fa2c8fdcd039089f382a0221cc6ab09e5f83742d32ed3032317469f52ac99cb105aa884cea8c082cc

Malware Config

Extracted

Family

icedid

Botnet

1677997313

C2

asrspoe.com

aviospe.com

applesflying.com

badgoodreason.com

Attributes
  • auth_var

    18

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bless-.dll,#1
      PID:1416

    Downloads

    • memory/1416-54-0x0000000000140000-0x0000000000145000-memory.dmp

      Filesize

      20KB