Overview

overview

10

Static

static

bb6e595f89...23.dll

windows7_x64

10

bb6e595f89...23.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    90s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    28-06-2022 18:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb6e595f8913dde111d0e8f1032c7464a1ca153426a87a45cc749fe9e6599d23.dll

  • Size

    352KB

  • MD5

    09a07ae80aaf96dffca15b4e44fbda49

  • SHA1

    23b4b441ccece18f1c638b358828096c7ae6bec8

  • SHA256

    bb6e595f8913dde111d0e8f1032c7464a1ca153426a87a45cc749fe9e6599d23

  • SHA512

    8cf51ff6909bc4e238ed0e24fac798a41bc56c4412fdb068b2207a3983688a94b4654dbaa1acfaae0b1ff5cf572132a52971bc66edd4ee51316a755bd067a2bf

Score
10/10
icedid3239568078bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3239568078

C2

carbrownleger.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb6e595f8913dde111d0e8f1032c7464a1ca153426a87a45cc749fe9e6599d23.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1708-130-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB

    Download