Overview

overview

10

Static

static

6bce7853d9...be.dll

windows7_x64

10

6bce7853d9...be.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    09-03-2022 15:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6bce7853d915d50caeec4b0b1d4249051be855e363c71563579cc6102801febe.dll

  • Size

    148KB

  • MD5

    88206b4e6e32939b83b237e6d3ee67a5

  • SHA1

    c594ce5c5045dc9c1d5cbe0df99c48493bf5899e

  • SHA256

    6bce7853d915d50caeec4b0b1d4249051be855e363c71563579cc6102801febe

  • SHA512

    4e6f40b0f1dc03057bb63a82fbc659ea76565761162a631c909c4454408b48f77d4efb499c78643b5dbf2847de7e80da41166f4018a2c9109c5e4119b621e6a9

Score
10/10
icedidbankerloadertrojan

Malware Config

Extracted

Family

icedid

C2

singularitty.best

zolerasiop.club

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID Second Stage Loader 2 IoCs
    loader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6bce7853d915d50caeec4b0b1d4249051be855e363c71563579cc6102801febe.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3796
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\6bce7853d915d50caeec4b0b1d4249051be855e363c71563579cc6102801febe.dll
      2⤵
        PID:1780

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1780-133-0x0000000010000000-0x0000000010006000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1780-134-0x0000000010000000-0x0000000010039000-memory.dmp

      Filesize

      228KB

      Download

    • memory/1780-135-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

      Filesize

      4KB

      Download