Analysis

  • max time kernel
    124s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    27-04-2022 19:25

General

  • Target

    4cadcd74980239a16474d3b4d30eaa8c89e49c1f6e1ab3314ea1465720c4bbd5.dll

  • Size

    34KB

  • MD5

    646247f32385dd66dbe30e59b0bc957b

  • SHA1

    55507ea39a2d354f9974f9580956d17161e4a87d

  • SHA256

    4cadcd74980239a16474d3b4d30eaa8c89e49c1f6e1ab3314ea1465720c4bbd5

  • SHA512

    68333247ac448b5d7092a61c9d8c5f441be71fe96e1ca2fa3fd5f7849b3f9a4199e8c63080439bb41869f8432d3cf8908fe4deef84fb9d15237f01930ee2708b

Malware Config

Extracted

Family

icedid

Botnet

3671205527

C2

blackferrow.com

orangegrande.com

Attributes
  • auth_var

    1

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4cadcd74980239a16474d3b4d30eaa8c89e49c1f6e1ab3314ea1465720c4bbd5.dll,#1
      PID:4832

Downloads

  • memory/4832-130-0x00000276175E0000-0x0000027617617000-memory.dmp

    Filesize

    220KB