icedid | 383a03354a9433235e4a729af0da5dcf0b4244521bca51aa0808f29bf74b17fb | Triage

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220414-en
submitted
30-05-2022 15:35

Sharing

Report Analysis Logs

General

Target

b5164d3fd8ed798af2f03afe09d9421a710bba76a265b6da20141163f387a992.dll
Size

276KB
MD5

45a528e8d51d6b14e7e74395ee5dd2ab
SHA1

b7daf2ff47703dfe4f1268fdc8a4fc51aab2bb47
SHA256

b5164d3fd8ed798af2f03afe09d9421a710bba76a265b6da20141163f387a992
SHA512

0c22e782161c92d4090138c4299d9f891cb168ffa363d3dad62f8cf468cc9a7450c0947f8ed6536eced46ff4737edc1f97ef9a4f17230209563060c5235d4f0c

Score

10^/10

icedid 3121611028 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3121611028

C2

implementalyhiol.rest

floppyfgreed.fun

headwayndred.rest

dasreropolo.quest

Attributes

auth_var
4
url_path
/news/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5164d3fd8ed798af2f03afe09d9421a710bba76a265b6da20141163f387a992.dll,#1
1⤵
PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1548-54-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download