icedid | 2c60009d6c5e0233e44e5ce2628adbef69a25d3bfaec4369831fb04680281c69 | Triage

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
06-07-2022 18:46

Sharing

Report Analysis Logs

General

Target

hybrid-x64.dll
Size

800KB
MD5

a2c9bed59334b2fbf3aa58cef5b3dcaf
SHA1

24ccce9201b089359d957d3be847f63686a57630
SHA256

515f0f198c34e0c54ac921e442e3cae3c27865ae1c225d1e58355dc494299dbc
SHA512

a9fa9583d95fa1d062e472017842abaf2a92599041519b86f7ccacee41169cc767c982bc4f3c4b070fadb4efc3c4f98baeffa68bea3eb5f87812bfd870a6f2ad

Score

10^/10

icedid 2262657793 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

2262657793

C2

khondiroda.com

vondenay.com

Attributes

auth_var
7
url_path
/news/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\hybrid-x64.dll,#1
1⤵
PID:1160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1160-54-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download