icedid | 3af16431d6f03ff15bb2fc67692dd1b12cab40b633569012ca31017915aa6aee | Triage

Submit
Reports

Overview

overview

Static

static

temp.dll

windows7-x64

temp.dll

windows10-2004-x64

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
17-08-2022 16:03

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

temp.dll

Resource

win7-20220812-en

icedid 2672825827 banker core_loader trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

temp.dll

Resource

win10v2004-20220812-en

icedid 2672825827 banker core_loader trojan

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

temp.dll
Size

315KB
MD5

ad3c15ece02704122c5ae5d092022ece
SHA1

d10b7fda94578acc0a4ce55d10b8293a6ef34f58
SHA256

3af16431d6f03ff15bb2fc67692dd1b12cab40b633569012ca31017915aa6aee
SHA512

3c3f1b4a251ab186e748a78eaa58427a54032407f6ea3be583fe8031bab9e976230f910522ff1b7c250d2dc61479e15f83495ccd077ae0ce9d3e5aaa9903693a

Score

10^/10

icedid 2672825827 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

2672825827

C2

cementqbilly.com

qaderation.top

dilopmeska.top

carsoveraho.pics

Attributes

auth_var
18
url_path
/news/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\temp.dll,#1
1⤵
PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1784-54-0x0000000180000000-0x0000000180005000-memory.dmp

Filesize
20KB

Download

© 2018-2024

Terms | Privacy