Analysis

  • max time kernel
    4294180s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20220223-en
  • submitted
    08-03-2022 18:45

General

  • Target

    pistol32.dll

  • Size

    43KB

  • MD5

    55c3137ff1fb18f315a42e41e00c97a1

  • SHA1

    b798ce92577de625ae4f4cbd15a5b37f832e142d

  • SHA256

    58d60dbbfde0e93ed83c1656660252fc6d192532cbd5d122c39c0481848a22f2

  • SHA512

    a9b7ad7825c06296a01a02a6fc287c231470b9ad105ee6d5a5006c5521eed3a41d0f99b4c97262dad0a718b62bb25e52ec0fd469fad8699f8ab651ffcf14b4d2

Malware Config

Extracted

Family

icedid

Botnet

273095221

C2

loniferast.top

hoseonlin.top

fallhuma.top

nefitsonyo.xyz

Attributes
  • auth_var

    1

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\pistol32.dll,#1
    1⤵
      PID:1224

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1224-54-0x0000000180000000-0x0000000180005000-memory.dmp

      Filesize

      20KB