Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    31-05-2022 23:10

General

  • Target

    8d75a5dd8eef207895f19fad5bb1f5342a703f79f0098f2d8ef39583b0b56d24.dll

  • Size

    288KB

  • MD5

    283e20e5341692830a8ad8f2602e9c75

  • SHA1

    b1aba7f421a8dcfe42d8f39034cc1bc4ae8dd18f

  • SHA256

    8d75a5dd8eef207895f19fad5bb1f5342a703f79f0098f2d8ef39583b0b56d24

  • SHA512

    a3d3e2062385fb9e48bccb0701d13356ca61af423bfba9d7eace2c35cd53759a8965cddde56aa51074170630e810cfb3937797dd62ab7f242d7d1551feac147f

Malware Config

Extracted

  • Family
    icedid
  • Botnet
    2352744503
  • C2
    fruakij.com
    piolsneeds.com
    nilkomadik.com
    qipanzero.com
  • Attributes
    auth_var: 13
    url_path: /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d75a5dd8eef207895f19fad5bb1f5342a703f79f0098f2d8ef39583b0b56d24.dll,#1
    PID: 1836
    • Suspicious use of FindShellTrayWindow

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1836-54-0x0000000180000000-0x0000000180005000-memory.dmp

    Filesize

    20KB