Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    67s
  • max time network
    137s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    07-07-2022 17:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2dd17fa59c875995931502b37818c967b578b6429eb0fd7692f35774442d78f1.dll

  • Size

    534KB

  • MD5

    525b28ec314cd8e9b4a91c42ee69a9a0

  • SHA1

    5487fbaa6371b10b7e300943bb0906c08c30cea9

  • SHA256

    2dd17fa59c875995931502b37818c967b578b6429eb0fd7692f35774442d78f1

  • SHA512

    e3a0b30eb363c20c18a18c953c8301c960e54d110486ac5b7368d77ef7918f4d2e52c15caf44e19fa4d3bb9945fb9e2e19a4a201477dc882173bdaec9997359e

Score
10/10
icedid227378761bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

227378761

C2

blionarywesta.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2dd17fa59c875995931502b37818c967b578b6429eb0fd7692f35774442d78f1.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1492-119-0x0000000180000000-0x0000000180009000-memory.dmp

    Filesize

    36KB

    Download