icedid | 81b4df61a5dcace2ea7216abf8b05faae79c0b1ceea1d175a6b01166ee7e9b50 | Triage

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
06-06-2022 05:19

Sharing

Report Analysis Logs

General

Target

81b4df61a5dcace2ea7216abf8b05faae79c0b1ceea1d175a6b01166ee7e9b50.dll
Size

513KB
MD5

9debf3a4e98bc547bd55903f4a7b5b47
SHA1

a0acf5a76a0b97fcb74fb0ff3cc25af55d0c3134
SHA256

81b4df61a5dcace2ea7216abf8b05faae79c0b1ceea1d175a6b01166ee7e9b50
SHA512

e41b51e3b17eeeb8cf960dbfab74e6fd1c0d130e67aaedf94729d46845f55190180977f5b00a66e3abf841038fa32a643ffec5ed17e1f743d029b0ed506bfa79

Score

10^/10

icedid 1501064257 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1501064257

C2

ouldmakeithapp.top

meincarton.top

callbackhubs.com

eldingdayl.com

ganjicow.com

meanforthen.com

Attributes

auth_var
7
url_path
/news/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

rundll32.exe

pid process

1048 rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\81b4df61a5dcace2ea7216abf8b05faae79c0b1ceea1d175a6b01166ee7e9b50.dll,#1
1⤵
- Suspicious use of FindShellTrayWindow
PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1048-54-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download