icedid | 47959778e5198ed2c06e6fcd35ed633e69ee3adf098aade13a6118f0d9db69f3 | Triage

Analysis

max time kernel
69s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
24-06-2022 17:26

Sharing

Report Analysis Logs

General

Target

erupt-x32.dll
Size

843KB
MD5

22914d48dc2694166dff8128264834fa
SHA1

39b66e8fe09425e36292e20ef8ca90d4a9ef2f02
SHA256

d46fd18f4bb99a0f92b6d8e169e49030ee1971dc1f644e839b4df2c0bcd5f709
SHA512

45c6a4c20ed60ffb1ef469d77da27a599ff847d5e0845114e1f47c34f4e462a8cb5633834710f2e65ad833f2d4bde64f0dd6f74f31cbcc5c4914b19ce6855fc9

Score

10^/10

icedid 1057461280 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1057461280

C2

allesborn.com

feelsgear.com

Attributes

auth_var
3
url_path
/news/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\erupt-x32.dll,#1
1⤵
PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2992-130-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download