Overview

overview

10

Static

static

invoice_101.iso

windows10_x64

3

document.lnk

windows10_x64

10

main.dll

windows10_x64

10

Analysis

  • max time kernel
    262s
  • max time network
    397s
  • platform
    windows10_x64
  • resource
    win10-20220223-en
  • submitted
    11-03-2022 17:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    main.dll

  • Size

    1.2MB

  • MD5

    54a4016cf2d929ccea9ef47efbd96542

  • SHA1

    b761fd0ff2a4f4394191e8a9bce4c586f131b8f0

  • SHA256

    4bbd73e64d3fea6e61c91d419a0014985bd058d9adea2a7b4e863867aa79435d

  • SHA512

    8fa4b15b7efed88810060f222ae5bb9248be9dd8145a329fe3f3494278d8e4826fd36948443cd3d568f55ab951dc1b9c96090c643abb1292036966357f1d63e3

Score
10/10
icedid2401334462bankersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

2401334462

C2

emicthatmov.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\main.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3464-114-0x0000000000B10000-0x0000000000B1B000-memory.dmp
    Filesize

    44KB

    Download