Resubmissions

22-02-2022 16:13

220222-tpdqssahe8 10

22-02-2022 16:13

220222-tpb7zaahe6 10

16-12-2021 11:18

211216-nehzwacaa3 10

16-12-2021 04:08

211216-eql18sbhgk 10

Analysis

  • max time kernel
    135s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    22-02-2022 16:13

General

  • Target

    orient32.dll

  • Size

    151KB

  • MD5

    ebfc2ce58d5573a735b40b2302f2de4a

  • SHA1

    b4eca993956dbb7e785c4a6c0ea4866297219368

  • SHA256

    e1154b718a8e0213f1c6c447810bb4edaf887906386458d2bd5ca0c73e73ca26

  • SHA512

    17a5742d349e349bb1c6191954805efe530a11d41863de57fb40a6f992fd5837d8901770219c3a0990f270bc07bbbc1e75f7e3b1fdda8404ad2108f263b906cd

Malware Config

Extracted

Family

icedid

Botnet

1677997313

C2

asrspoe.com

aviospe.com

applesflying.com

badgoodreason.com

Attributes

  • auth_var

    17

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\orient32.dll,#1
    PID: 2712

Network

MITRE ATT&CK Matrix


Downloads

  • memory/2712-130-0x000001D9D8FF0000-0x000001D9D9027000-memory.dmp

    Filesize

    220KB