Analysis
-
max time kernel
42s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
05-06-2022 08:38
General
-
Target
49c0e1398dec485cc011ec08016850be.dll
-
Size
480KB
-
MD5
49c0e1398dec485cc011ec08016850be
-
SHA1
3c9a297e36de397a7966d6c4c1013bcd5a26ac1e
-
SHA256
a0052b5fe74778e9d7274a8c2a5c448ccb002a1dd9c53564a40a60d8d62726d3
-
SHA512
7d26ada8796414a012a454ceeec9470821960549edcd6a6fb7ba79c2e34ccbed6a7e5842f2502471c8de71a0fd158f651ee130e41e210cab3e45c5f55d44361f
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
2581925242
C2
uleoballs.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
suricata: ET MALWARE Win32/IcedID Request Cookie
suricata: ET MALWARE Win32/IcedID Request Cookie
-
Blocklisted process makes network request 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\49c0e1398dec485cc011ec08016850be.dll,#11⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB