Analysis

  • max time kernel
    176s
  • max time network
    183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20220812-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    06-09-2022 15:13

General

  • Target

    icedID-06.09.2020/rap/reconsolidating.dll

  • Size

    99KB

  • MD5

    eb9cbe86035927b15b31095b56b830aa

  • SHA1

    cf5acb8cbc8831ccfc373d7104636ba286f0805c

  • SHA256

    6a1ba492984c630ad274b2943b37a697c35a9147f367ddd83b42a229d7e1c27a

  • SHA512

    d7a807ecbeb671901fc0b11eb5522177f4d7d86f14da6c6bfa4ddb3a6b39c2f2e6c58e2bba125a4009d9f1f446a23a947c5f05c301a19e3291f179ab8aac2b84

  • SSDEEP

    1536:UckoJv7wXfoYNzPaRgi3WndDyKHegxaOgcSvdYP4hoGrsDKt9t5N:CAv76fhNndDyKHucSvw46GrsDyD5N

Malware Config

Extracted

Family

icedid

Campaign

2211825656

C2

academfleedalas.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\icedID-06.09.2020\rap\reconsolidating.dll,#1
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    PID:4872
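The process tree above records the sample being run through rundll32.exe, called with a DLL under the user's AppData\Local\Temp directory and an export referenced by ordinal (#1). The script below is an added example, not part of the sandbox report: it parses rundll32 command lines from process-creation telemetry and flags that combination of weak signals. The command lines in SAMPLE_CMDLINES are constructed input, the first copied from the Processes section; the names, the two-signal threshold and the list of "user-writable" directories are assumptions to tune for your own environment.

```python
"""Flag rundll32 invocations that load a DLL by ordinal from a user-writable path.

Added example for this report, not sandbox code.  The directory list and the
alert threshold are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# rundll32 grammar: rundll32[.exe] <dll>,<EntryPoint | #ordinal> [args]
# The pattern tolerates quoting around the host binary and the DLL, an
# optional .exe suffix, and whitespace on either side of the comma.
RUNDLL32_RE = re.compile(
    r"""(?ix)
    (?:^|[\\\s"]) rundll32 (?:\.exe)? ["\s]+    # host binary, quoted or bare
    "? (?P<dll>[^",]+?) "? \s*,\s*               # DLL path up to the comma
    (?P<export>\#\d+ | [A-Za-z_][\w@]*)          # #ordinal or named export
    """
)

# Directories an unprivileged user can write to (assumed list, extend as needed).
USER_WRITABLE_RE = re.compile(
    r"(?i)\\(?:AppData\\Local\\Temp|Downloads|ProgramData|Users\\Public)\\"
)

# Constructed sample input: the first line is the command line from the
# Processes section above; the other two are benign-looking comparisons.
SAMPLE_CMDLINES = [
    r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\icedID-06.09.2020\rap\reconsolidating.dll,#1",
    r'"C:\Windows\System32\rundll32.exe" shell32.dll,Control_RunDLL desk.cpl',
    r"C:\Windows\System32\notepad.exe C:\Users\Admin\notes.txt",
]


@dataclass(frozen=True)
class Rundll32Call:
    dll: str
    export: str
    reasons: Tuple[str, ...]


def inspect_rundll32(cmdline: str) -> Optional[Rundll32Call]:
    """Return the parsed DLL/export and the weak signals found, or None if the
    command line is not a rundll32 invocation at all."""
    m = RUNDLL32_RE.search(cmdline)
    if m is None:
        return None
    dll, export = m.group("dll").strip(), m.group("export")
    reasons: List[str] = []
    if export.startswith("#"):
        reasons.append("export called by ordinal rather than by name")
    if USER_WRITABLE_RE.search(dll):
        reasons.append("DLL loaded from a user-writable directory")
    if not dll.lower().endswith(".dll"):
        reasons.append("DLL path does not carry a .dll extension")
    return Rundll32Call(dll, export, tuple(reasons))


def is_suspicious(cmdline: str) -> bool:
    """Alert only when at least two signals coincide: a lone ordinal call is
    too common in legitimate installers to alert on by itself (assumed
    threshold, tune to your telemetry)."""
    call = inspect_rundll32(cmdline)
    return call is not None and len(call.reasons) >= 2


def triage(cmdlines: List[str]) -> List[str]:
    """Return the command lines that trip the rule, in input order."""
    return [c for c in cmdlines if is_suspicious(c)]


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        verdict = "ALERT" if is_suspicious(line) else "ok   "
        print(f"{verdict} {line}")
        call = inspect_rundll32(line)
        if call:
            for reason in call.reasons:
                print(f"        - {reason}")
```

The rule deliberately keys on the combination the report shows (ordinal export plus a DLL under Temp) rather than on the hash or the domain, so it survives a rebuilt payload; the C2 and hashes in the report remain useful as exact-match indicators alongside it.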

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4872-132-0x00007FFCD86C0000-0x00007FFCD86DD000-memory.dmp
    Filesize

    116KB

  • memory/4872-133-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB
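The dump names above encode the PID, a sequence number and the address range of each region the sandbox captured. The script below is an added example, not part of the report: it parses those names, checks that the listed Filesize agrees with the address range, ties the dumps back to the rundll32 PID from the Processes section, and notes when a region starts at 0x180000000, the linker default image base for 64-bit DLLs (a module sitting exactly there was mapped at its preferred base rather than relocated). SAMPLE_DUMPS is constructed from the two entries listed above; the function names and the unit table are assumptions.

```python
"""Parse sandbox memory-dump names and cross-check them against the report.

Added example for this report, not sandbox code.  Names and helpers are
assumptions made for illustration.
"""
import re
from typing import Dict, List

# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
DUMP_NAME_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Constructed sample input: the two dumps and the Filesize values listed above.
SAMPLE_DUMPS = {
    "memory/4872-132-0x00007FFCD86C0000-0x00007FFCD86DD000-memory.dmp": "116KB",
    "memory/4872-133-0x0000000180000000-0x0000000180009000-memory.dmp": "36KB",
}

# Linker default ImageBase for 64-bit DLLs; a region starting here was mapped
# at its preferred base.
X64_DLL_DEFAULT_BASE = 0x180000000


def parse_dump_name(name: str) -> Dict[str, int]:
    """Split a dump name into pid, sequence number, start, end and byte size."""
    m = DUMP_NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not a sandbox memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"end address does not follow start in {name}")
    return {
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "start": start,
        "end": end,
        "size": end - start,
    }


def parse_size(text: str) -> int:
    """Convert a report size such as '116KB' to bytes (binary units assumed)."""
    units = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
    m = re.fullmatch(r"\s*(\d+)\s*(B|KB|MB)\s*", text, re.I)
    if m is None:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m[1]) * units[m[2].upper()]


def size_matches_range(name: str, reported: str) -> bool:
    """True when the Filesize the report prints equals end - start."""
    return parse_dump_name(name)["size"] == parse_size(reported)


def dumps_for_pid(dumps: Dict[str, str], pid: int) -> List[str]:
    """Dump names captured from the given process, sorted by name."""
    return sorted(n for n in dumps if parse_dump_name(n)["pid"] == pid)


def describe(name: str) -> List[str]:
    """Plain-language observations about a region, for triage notes."""
    d = parse_dump_name(name)
    notes = []
    if d["start"] == X64_DLL_DEFAULT_BASE:
        notes.append("starts at 0x180000000, the default x64 DLL image base")
    if d["start"] & 0xFFF or d["end"] & 0xFFF:
        notes.append("range is not page-aligned")
    notes.append(f"{d['size'] // 1024} KB across {d['size'] // 0x1000} pages")
    return notes


if __name__ == "__main__":
    for name in dumps_for_pid(SAMPLE_DUMPS, 4872):
        ok = size_matches_range(name, SAMPLE_DUMPS[name])
        print(f"{'ok ' if ok else 'BAD'} {name}")
        for note in describe(name):
            print(f"      - {note}")
```

Both listed sizes check out against their ranges (0x1D000 bytes = 116 KB and 0x9000 bytes = 36 KB), and both dumps belong to PID 4872, the rundll32.exe instance in the Processes section.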