Overview

overview

10

Static

static

o5p0se.dll

windows7_x64

10

o5p0se.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    43s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    05-07-2022 21:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    o5p0se.dll

  • Size

    671KB

  • MD5

    3197ba1a5debefb92d74e489e8e21b2f

  • SHA1

    5024c4ef4e98b96e3c50759d37c2cb7f47cecb21

  • SHA256

    fd37ac805a7296f28cae720c52f0d80d1e211ae5129a86ea5b33a224bb4c7895

  • SHA512

    77748f99cff8454dca5ad8a5d135090191954dff09f34b485fb3b2e10a7c5175d0315a77b158c188b050e9894afed1193bb889c9033ae4a375fb1675333d2ba7

Score
10/10
icedid1060798742bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1060798742

C2

carismorth.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\o5p0se.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:1012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1012-54-0x0000000180000000-0x0000000180009000-memory.dmp

    Filesize

    36KB

    Download