Overview

overview

10

Static

static

core.bat

windows7_x64

10

core.bat

windows10-2004_x64

10

pumpkin-32.dll

windows7_x64

10

pumpkin-32.dll

windows10-2004_x64

10

Resubmissions

17-03-2022 16:28

220317-tyt45schbr 1

02-03-2022 07:56

220302-js74psdhh5 10

24-02-2022 19:52

220224-ylj6maehbj 1

Analysis

  • max time kernel
    284s
  • max time network
    359s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    02-03-2022 07:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pumpkin-32.dll

  • Size

    600KB

  • MD5

    b3afc3fcf6756131e897a5234707e422

  • SHA1

    82684fd3a133ad4be9abcd8f95e56eea403e4706

  • SHA256

    3055bfdc5fee78ad2b92fc4b1a35a4632a1f03152fc7e835a7f21d41e44aeb26

  • SHA512

    a860a193ee62045fbb0da4ea6735913cee6a9786008a487a2f8755a3d1dceea73b74da8301af5a4e1ebec2ae88d581e7be07f620cf90461047eda790673b9b88

Score
10/10
icedid3560182600bankertrojan

Malware Config

Extracted

Family

icedid

Botnet

3560182600

C2

coolbearblunts.com

cooldogblunts.com
Attributes
  • auth_var

    2

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\pumpkin-32.dll,#1
    1⤵
      PID:1012

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1012-130-0x0000019FBB4F0000-0x0000019FBB4F5000-memory.dmp

      Filesize

      20KB

      Download