Overview

overview

10

Static

static

sac3p.dll

windows7_x64

10

sac3p.dll

windows10_x64

10

Analysis

  • max time kernel
    53s
  • max time network
    71s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    30-06-2022 17:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sac3p.dll

  • Size

    423KB

  • MD5

    99713db445d054a089235ddce903f38f

  • SHA1

    924c231cf449303cb42e32df5d720f6cd5fc1e47

  • SHA256

    629fca5ccdd42cc48569932968c4c9b215bcc0ce0e783e92e4e41a975adcb031

  • SHA512

    fbce18c2a1d40e92a6cb26358a17e969bed966602718759c89d8b8fc2f56cf0982e4dd04a2e57f0289f7056fa5e43eab79174ddb4a13fbbe21ba166816d560d1

Score
10/10
icedid3635541348bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3635541348

C2

piponareatna.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\sac3p.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1924-118-0x0000000180000000-0x0000000180009000-memory.dmp

    Filesize

    36KB

    Download