Overview

overview

10

Static

static

97b56d3b80...5d.dll

windows7_x64

10

97b56d3b80...5d.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    02-06-2022 22:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97b56d3b80e09eeb2da05dcc47961c96ba902bf921da004325f3791ad84d5d5d.dll

  • Size

    685KB

  • MD5

    ce7c0c8c725fe466b892d6e2ad0ea9d9

  • SHA1

    12ab2a5c042adafb94a535799885a04a7e2968b9

  • SHA256

    97b56d3b80e09eeb2da05dcc47961c96ba902bf921da004325f3791ad84d5d5d

  • SHA512

    a949679200907eb9b90a245b1b4cbc7dfad65abf36763e65e57f55eb0de9f39bbd73eb45f38487fb418bdf1aa07e0e12a12a1ad0d4f7bab3a8fffc73181cdd5d

Score
10/10
icedid1129175425bankercore_loadertrojan

Malware Config

Extracted

Family

icedid

Botnet

1129175425

C2

intonthsnstr.rest

estoptionicou.top

ypothesisabo.top

flipperzillo.quest
Attributes
  • auth_var

    11

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\97b56d3b80e09eeb2da05dcc47961c96ba902bf921da004325f3791ad84d5d5d.dll,#1
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:4944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4944-130-0x0000000180000000-0x0000000180005000-memory.dmp

    Filesize

    20KB

    Download