Overview

overview

10

Static

static

BFB4B9B655...3F.dll

windows7_x64

10

BFB4B9B655...3F.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    52s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    22-03-2022 20:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BFB4B9B655E9DB3CC719581DEB44193F.dll

  • Size

    148KB

  • MD5

    bfb4b9b655e9db3cc719581deb44193f

  • SHA1

    39f71512c9ff6571a4b59616b27b521f861ff9c8

  • SHA256

    761a643ab6c21137540dac5382c855c329c991581b3ab8b637dd541e09b6824d

  • SHA512

    295a5b27882a3cdc73b9426c45e5b7d51c4b0c52142551f203dff75d271c989f1577cd6d1191e8d533a737350fb15130b802e0340e46d008f82e89531eb671d9

Score
10/10
icedid3529509686bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3529509686

C2

oceriesfornot.top

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\BFB4B9B655E9DB3CC719581DEB44193F.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:3492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3492-134-0x0000000180000000-0x000000018000B000-memory.dmp
    Filesize

    44KB

    Download