Overview

overview

10

Static

static

o5p0se/documents.lnk

windows7_x64

10

o5p0se/documents.lnk

windows10-2004_x64

10

o5p0se/o5p0se.dll

windows7_x64

10

o5p0se/o5p0se.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    40s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    06-07-2022 10:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    o5p0se/o5p0se.dll

  • Size

    675KB

  • MD5

    b921650c429c994bc1e727607e725d23

  • SHA1

    b8845c28e13925972646b5e1b4f1aa745ca96463

  • SHA256

    3186e010f87176017d0cea8e23660b99ad5997261b2137abe42c9450671c6661

  • SHA512

    deea8521e345f206e3822d1fdb696d5504db12e5e9256b5b70afc33d4f5d11a32a04e841d10798369088f0bf62eb8b2aec4857482339e1a8e115cb09d6f0a160

Score
10/10
icedid1060798742bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1060798742

C2

carismorth.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\o5p0se\o5p0se.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2024-54-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB

    Download