icedid | 23c78e805bd910b9f4af543b4f6079b4f02241ed808cca9f76a42465a73e4811 | Triage

Analysis

max time kernel
4294180s
max time network
127s
platform
windows7_x64
resource
win7-20220223-en
submitted
25-02-2022 00:14

Sharing

Report Analysis Logs

General

Target

23c78e805bd910b9f4af543b4f6079b4f02241ed808cca9f76a42465a73e4811.dll
Size

503KB
MD5

484d9615f10be93fe9e5fe475f4bcdc5
SHA1

3f5d2f28365ad8a2f3d6ecbfe5473bc74aa30b60
SHA256

23c78e805bd910b9f4af543b4f6079b4f02241ed808cca9f76a42465a73e4811
SHA512

8d3474b1dce09e0930be89d4edcc6387bc348a2a8b8c0545392a8a8e4d4e409ddd3b858ba018aa6031a39253ac619c9ea94969e59a52b42ff3739a5249d7bb2b

Score

10^/10

icedid 3106999479 banker trojan

Malware Config

Extracted

Family

icedid

Botnet

3106999479

C2

balliordan.com

oprenfirst.com

loremurs.com

Attributes

auth_var
17
url_path
/news/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\23c78e805bd910b9f4af543b4f6079b4f02241ed808cca9f76a42465a73e4811.dll,#1
1⤵
PID:756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/756-54-0x00000000003A0000-0x00000000003A5000-memory.dmp

Filesize
20KB

Download