Overview

overview

10

Static

static

recall.dll

windows7-x64

10

recall.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-08-2022 15:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    recall.dll

  • Size

    370KB

  • MD5

    d50cf4800accda2fc6fc57dfda5790c7

  • SHA1

    9b42f185598f7a7f0c803273af2651e148929cf3

  • SHA256

    f0bec72ea95c299af2a57e2ffa317c309ad4f70d1809c4e299084c38a282aaaf

  • SHA512

    4a020244e7e6139ca55c491de734606764696ed57a67d3f0967fe9cb2a29f707a93a6cb4338161d13f38ffc2b3ccf3fbd06faa9b85a200dec1a05a4ae6d3f74e

  • SSDEEP

    6144:TE5yLwssyjHvomnVhuj+s4sfnVWpB7QH2CBAdo24rn25ZRSAD24rn2ExihwfIzhi:45Pguj4MnVWpmHT24rn25ZAAD24rn24L

Score
10/10
icedid1573268852bankercore_loadertrojan

Malware Config

Extracted

Family

icedid

Botnet

1573268852

C2

peranistaer.top

gruvihabralo.nl

ultomductingbig.pro

alcoheyteri.click
Attributes
  • auth_var

    24

  • url_path

    /news/

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\recall.dll,#1
    1⤵
      PID:4892

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4892-132-0x00007FF902730000-0x00007FF90278F000-memory.dmp
      Filesize

      380KB

      Download
    • memory/4892-133-0x0000000180000000-0x0000000180005000-memory.dmp
      Filesize

      20KB

      Download