Overview

overview

10

Static

static

a594631848...b7.dll

windows7_x64

10

a594631848...b7.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    07-03-2022 10:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a5946318483cc9765cdfbf905c2f51d624776ff0bb0fcf17d51ec3722c111db7.dll

  • Size

    149KB

  • MD5

    cdb6222d629d727740bb9eae252df37d

  • SHA1

    691de2ca7831b6daba56a86d16682039bc9c1cf0

  • SHA256

    a5946318483cc9765cdfbf905c2f51d624776ff0bb0fcf17d51ec3722c111db7

  • SHA512

    1326a3f9c05c2db8633695b4ba65673b212db68dd61596168ce82f2e90f75d47d563b3786e707e6e99a4af3745604b07e3310b747cc933de0fb27d2425fe4174

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

rotmistr.club

5kilozhuto.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 2 IoCs
    loader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5946318483cc9765cdfbf905c2f51d624776ff0bb0fcf17d51ec3722c111db7.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5946318483cc9765cdfbf905c2f51d624776ff0bb0fcf17d51ec3722c111db7.dll,#1
      2⤵
        PID:2556

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2556-130-0x0000000074C30000-0x0000000074C36000-memory.dmp
      Filesize

      24KB

      Download
    • memory/2556-131-0x0000000074C30000-0x0000000074C68000-memory.dmp
      Filesize

      224KB

      Download
    • memory/2556-132-0x0000000004C90000-0x0000000004C91000-memory.dmp
      Filesize

      4KB

      Download