Overview

overview

10

Static

static

0d666f4a6b...76.dll

windows7_x64

10

0d666f4a6b...76.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    69s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    31-05-2022 23:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d666f4a6b4bc85553377d594d41f3a4b5e1a28d8d293694821342faf10c9176.dll

  • Size

    464KB

  • MD5

    c3f3b824bb6aa8b1784faf29d1503fce

  • SHA1

    b2fcfd0140d3840988cd4d409668ba7fa76ea26c

  • SHA256

    0d666f4a6b4bc85553377d594d41f3a4b5e1a28d8d293694821342faf10c9176

  • SHA512

    80d966b71c3c90c126966a065e3a322ee6ebaa4b0c72671abde358f8303e27f48fe952d056893f931504cc38e9fc15ab8a47c6de18f08ff8c65002c0b97eb75f

Score
10/10
icedid3681413287bankercore_loadertrojan

Malware Config

Extracted

Family

icedid

Botnet

3681413287

C2

vadgeatemoz.com

akernilon.com

westdudil.com

leatyeals.com
Attributes
  • auth_var

    3

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d666f4a6b4bc85553377d594d41f3a4b5e1a28d8d293694821342faf10c9176.dll,#1
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2912-130-0x0000000180000000-0x0000000180005000-memory.dmp

    Filesize

    20KB

    Download