icedid | 6f7e4c3ffc85be11c78a5be461f00fa8b29aeb9c2948143a6c4e726fafb329ef | Triage

Resubmissions

22-02-2022 16:14

220222-tpps3acabq 10

13-12-2021 19:00

211213-xn1eyseag7 10

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-en-20211208
submitted
22-02-2022 16:14

Sharing

Report Analysis Logs

General

Target

enrich_64.dll
Size

162KB
MD5

728a9cf19e753286d6fb759d3bd48e4c
SHA1

3ea831ea2c999c07f26a1a8a9df6ea0a2a8365ac
SHA256

074155f04abd8aaf5e3fe9853f9d5dc52704dde1e1d18ebf976f611297524dcc
SHA512

20d0ced79abb88cee225730ba71599c2a84b083cb9de57cde20e6e1a8802cb92cfd443b8fb299b6515d279259e334c27f6e79e0d760983103295f576fe681364

Score

10^/10

icedid 2354879232 banker trojan

Malware Config

Extracted

Family

icedid

Botnet

2354879232

C2

gadverjo.com

hevciak.com

reseptors.com

smallbadcity.com

Attributes

auth_var
13
url_path
/news/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\enrich_64.dll,#1
1⤵
PID:832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/832-54-0x0000000000530000-0x0000000000567000-memory.dmp

Filesize
220KB

Download