Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Analysis

  • max time kernel
    114s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    07-07-2022 17:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f837870c2ee91e7cbd491d8c5b62aa8cbd0276b1c9bab8a6af78d907ccd4ec0e.dll

  • Size

    534KB

  • MD5

    0c2acbe5d1f3703f6cbd28fb953adeb9

  • SHA1

    c4186395362f7fa8056ecd8069dfc91b03ccd165

  • SHA256

    f837870c2ee91e7cbd491d8c5b62aa8cbd0276b1c9bab8a6af78d907ccd4ec0e

  • SHA512

    b803d12bf88c58c1af498d5c29fd9bf337c117e1e0214a63ffcbbe85f57bcaa07fedaec20e53484ccfb7d5d073fb62bc1ceb156d5f6eb72929e7238373865214

Score
10/10
icedid227378761bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

227378761

C2

blionarywesta.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f837870c2ee91e7cbd491d8c5b62aa8cbd0276b1c9bab8a6af78d907ccd4ec0e.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:4428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4428-130-0x0000000180000000-0x0000000180009000-memory.dmp

    Filesize

    36KB

    Download