Overview

overview

10

Static

static

core.bat

windows7_x64

10

core.bat

windows10-2004_x64

10

strike64.dll

windows7_x64

10

strike64.dll

windows10-2004_x64

10

Resubmissions

07-03-2022 21:46

220307-1my3aagbh2 10

28-02-2022 09:51

220228-lvldtsdhg4 10

24-02-2022 19:51

220224-yk4hwaehap 1

Analysis

  • max time kernel
    1629s
  • max time network
    1389s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    07-03-2022 21:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    strike64.dll

  • Size

    600KB

  • MD5

    b3afc3fcf6756131e897a5234707e422

  • SHA1

    82684fd3a133ad4be9abcd8f95e56eea403e4706

  • SHA256

    3055bfdc5fee78ad2b92fc4b1a35a4632a1f03152fc7e835a7f21d41e44aeb26

  • SHA512

    a860a193ee62045fbb0da4ea6735913cee6a9786008a487a2f8755a3d1dceea73b74da8301af5a4e1ebec2ae88d581e7be07f620cf90461047eda790673b9b88

Score
10/10
icedid3560182600bankertrojan

Malware Config

Extracted

Family

icedid

Botnet

3560182600

C2

coolbearblunts.com

cooldogblunts.com
Attributes
  • auth_var

    2

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\strike64.dll,#1
    1⤵
      PID:3528
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k wsappx -p
      1⤵
        PID:1236

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3528-130-0x000001C60BBB0000-0x000001C60BBB5000-memory.dmp

        Filesize

        20KB

        Download