Analysis

  • max time kernel
    39s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-05-2022 19:40

General

  • Target

    3c5eda37850f129df2bedc4d487c7bbeaa0f282121f53ffcc0cdf60d3a8945f8.dll

  • Size

    288KB

  • MD5

    a23c161d5c4e12b3247dcbf19f6196ba

  • SHA1

    4e353e3c92b22e7197d21f59d85cd31b7bf9aa75

  • SHA256

    3c5eda37850f129df2bedc4d487c7bbeaa0f282121f53ffcc0cdf60d3a8945f8

  • SHA512

    1deee8ce4a438d4fdce15031cbd565058c6cac31ffe48cbab1c86bc8eb8ef85b5794fdc2d10c344d506243904d1b6fbca9b8a8dc101237991eb2d6b603db6fa8

Malware Config

Extracted

Family

icedid

Botnet

2352744503

C2

fruakij.com

piolsneeds.com

nilkomadik.com

qipanzero.com

Attributes
  • auth_var

    13

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID, also tracked as BokBot, is a banking trojan capable of stealing credentials.

  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c5eda37850f129df2bedc4d487c7bbeaa0f282121f53ffcc0cdf60d3a8945f8.dll,#1
    • Suspicious use of FindShellTrayWindow
    PID: 1928
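The following Python is an added example, not part of the sandbox report: it turns the extracted configuration above (the four C2 domains and the url_path "/news/") and the observed rundll32 command line into hunting logic and runs it over constructed proxy and process-creation log lines. The log lines, their key=value field layout and the user-writable directory list are assumptions made for the example; the domains, path and the PID 1928 command line come from the report.

```python
"""Hunt for the IcedID IoCs from this report in constructed log lines.

Added example; the log lines below are constructed, not from the report.
"""
import re
from urllib.parse import urlsplit

# Indicators taken from the report's extracted config
C2_DOMAINS = frozenset({"fruakij.com", "piolsneeds.com", "nilkomadik.com", "qipanzero.com"})
C2_URL_PATH = "/news/"

# Constructed proxy log lines (assumed key=value format, not from the report)
PROXY_LOG = [
    'ts=2022-05-24T19:41:02Z src=10.0.0.15 url="http://fruakij.com/news/" status=200',
    'ts=2022-05-24T19:41:03Z src=10.0.0.15 url="https://www.example.com/news/latest" status=200',
    'ts=2022-05-24T19:41:09Z src=10.0.0.22 url="http://cdn.piolsneeds.com/news/" status=200',
    'ts=2022-05-24T19:41:15Z src=10.0.0.31 url="http://qipanzero.com/update" status=404',
]

# Constructed process-creation lines (assumed Sysmon-style fields); the first
# one reproduces the command line the sandbox observed for PID 1928
PROC_LOG = [
    r'ProcessId=1928 Image=C:\Windows\system32\rundll32.exe CommandLine="rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c5eda37850f129df2bedc4d487c7bbeaa0f282121f53ffcc0cdf60d3a8945f8.dll,#1"',
    r'ProcessId=2210 Image=C:\Windows\system32\rundll32.exe CommandLine="rundll32.exe shell32.dll,Control_RunDLL"',
    r'ProcessId=2333 Image=C:\Windows\system32\rundll32.exe CommandLine="rundll32.exe C:\Users\Admin\Downloads\invoice.dll,#2"',
]

_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# rundll32 <dll>,<export>; the export is an ordinal when it starts with '#'
_RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)\s*$', re.IGNORECASE)
# Assumed set of user-writable directories a dropped DLL is typically run from
_USER_DIR_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\(AppData\\Local\\Temp|Downloads)\\", re.IGNORECASE)


def parse_kv(line):
    """Parse key=value fields; values may be double-quoted (spaces allowed inside quotes)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _KV_RE.finditer(line)}


def c2_domain_for(host):
    """Return the C2 domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for domain in C2_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan_proxy(lines):
    """Flag requests to the extracted C2 domains.

    Severity is 'high' when the path is the configured url_path and 'medium'
    for any other path on a C2 domain. A /news/ path on an unrelated domain is
    deliberately not reported: the path alone is far too common to be an IoC.
    """
    hits = []
    for line in lines:
        fields = parse_kv(line)
        url = fields.get("url")
        if not url:
            continue
        parts = urlsplit(url)
        domain = c2_domain_for(parts.hostname or "")
        if domain is None:
            continue
        hits.append({
            "src": fields.get("src"), "host": parts.hostname, "path": parts.path,
            "c2": domain, "severity": "high" if parts.path == C2_URL_PATH else "medium",
        })
    return hits


def scan_process(lines):
    """Flag rundll32 invoking an ordinal export of a DLL under a user-writable directory,
    the pattern the sandbox recorded for this sample (…\Temp\<sha256>.dll,#1)."""
    hits = []
    for line in lines:
        fields = parse_kv(line)
        m = _RUNDLL_RE.match(fields.get("CommandLine", ""))
        if not m:
            continue
        dll, export = m.group("dll"), m.group("export")
        if export.startswith("#") and _USER_DIR_RE.match(dll):
            hits.append({"pid": int(fields["ProcessId"]), "dll": dll, "ordinal": int(export[1:])})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy(PROXY_LOG):
        print("proxy", hit)
    for hit in scan_process(PROC_LOG):
        print("process", hit)
```

The domain match is the primary indicator and the path only raises confidence; the process rule is a behavioural heuristic rather than a hash match, so it also catches the constructed `Downloads\invoice.dll,#2` line, which is why it should be reviewed together with the network hits rather than alerted on alone.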

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1928-54-0x0000000180000000-0x0000000180005000-memory.dmp
    Filesize: 20KB