Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Analysis

  • max time kernel
    91s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    07-07-2022 17:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5ff87eec503c7c7e88f63c905128de72f612ac94c4b8a372a403443a8a4297e6.dll

  • Size

    534KB

  • MD5

    95993ac9b05ecce4a789cabef67005a9

  • SHA1

    472c6b37b66f22978b9bfe03881474b8e5e2910b

  • SHA256

    5ff87eec503c7c7e88f63c905128de72f612ac94c4b8a372a403443a8a4297e6

  • SHA512

    96786153e1eb3d8e8f25f1453d95a7de27e22669c2a837b79b38b62625ca9909be666913f8c596c6868d574ba0e13ef2f88ee52ba0c03d545b4e08339ca2ed2e

Score
10/10
icedid227378761bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

227378761

C2

blionarywesta.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata
  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ff87eec503c7c7e88f63c905128de72f612ac94c4b8a372a403443a8a4297e6.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1524-130-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB

    Download