Analysis

  • max time kernel
    135s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-09-2022 15:51

General

  • Target

    94efbbb48b1d3703e1055160db06e65f.dll

  • Size

    317KB

  • MD5

    94efbbb48b1d3703e1055160db06e65f

  • SHA1

    516e2bb96abfe1f91cd00b0d67b596228536ddeb

  • SHA256

    bbe6b63e43398a3d4b36a5b669d5fd5b2e480b38ef31e6d6b2553374055d9187

  • SHA512

    cbb30485dd935d4d922458e3658fca02995dd44bd1983090facf4e5ee8819bc0d7b6761e7d32ebccfe625bc9c813fd1546b9ebe610e6c883f52d6fe7e9502190

  • SSDEEP

    6144:bJIId9kP7+sYAdo9ZvHsJge7lfh+mQVri2VrpgEhBvZ:/9kP7I/sm2lfv29pgEhhZ

Malware Config

Extracted

Family

icedid

Campaign

1023645195

C2

trallfasterinf.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Blocklisted process makes network request (3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\94efbbb48b1d3703e1055160db06e65f.dll,#1
    (the `,#1` suffix makes rundll32 call the DLL's export with ordinal 1 rather than a named export)
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:1836
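The process entry above is the detection opportunity in this report: rundll32.exe loading a DLL out of a user-writable directory (AppData\Local\Temp) and invoking it by ordinal (`,#1`). The following Python is an added example of how an analyst might turn that into a hunt over process-creation telemetry; it is not part of the sandbox report or of any vendor tooling. The events are constructed Sysmon-style records (field names `Image`, `CommandLine`, `ParentImage`, `ProcessId` are assumptions modelled on Sysmon Event ID 1); only the first command line is taken from this report, the rest are made up for contrast.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed Sysmon-style process-creation events (not real telemetry).
# Event 1836 reproduces the command line from the sandbox report; the others
# are invented benign/suspicious controls.
SAMPLE_EVENTS: List[Dict] = [
    {"ProcessId": 1836, "Image": r"C:\Windows\system32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\94efbbb48b1d3703e1055160db06e65f.dll,#1"},
    {"ProcessId": 2210, "Image": r"C:\Windows\system32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'rundll32.exe "C:\Windows\System32\shell32.dll",Control_RunDLL desk.cpl'},
    {"ProcessId": 2311, "Image": r"C:\Windows\system32\rundll32.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'rundll32.exe "C:\Users\Admin\AppData\Roaming\update.dll",DllRegisterServer'},
    {"ProcessId": 2412, "Image": r"C:\Windows\system32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"notepad.exe C:\Users\Admin\AppData\Local\Temp\notes.txt"},
]

# Path fragments (lower-cased, backslash-delimited) that an ordinary user can
# write to; a signed Microsoft DLL normally does not live here.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\",
                 "\\users\\public\\", "\\programdata\\", "\\windows\\temp\\")

# Parents that should not normally be spawning rundll32 at all.
OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")

# Matches the rundll32 image token (quoted or not) and captures everything after it.
_ARGS_RE = re.compile(r'^\s*"?[^"]*?rundll32(?:\.exe)?"?\s+(?P<args>.*)$', re.IGNORECASE)


@dataclass
class Finding:
    pid: int
    dll: str
    export: Optional[str]
    reasons: List[str]


def parse_rundll32(cmdline: str) -> Tuple[Optional[str], Optional[str]]:
    """Split a rundll32 command line into (dll_path, export).

    rundll32 syntax is "<dll>,<EntryPoint> [args]"; an entry point of the form
    "#N" requests export ordinal N. Returns (None, None) if the line is not a
    rundll32 invocation.
    """
    m = _ARGS_RE.match(cmdline)
    if not m:
        return None, None
    args = m.group("args").strip()
    if "," in args:
        dll, _, rest = args.rpartition(",")
        rest = rest.strip()
        export = rest.split()[0] if rest else None
    else:
        dll, export = args, None
    return dll.strip().strip('"'), export


def assess(event: Dict) -> Optional[Finding]:
    """Return a Finding for a rundll32 event that shows one or more risk indicators."""
    if not event["Image"].lower().endswith("\\rundll32.exe"):
        return None
    dll, export = parse_rundll32(event["CommandLine"])
    if dll is None:
        return None
    reasons: List[str] = []
    if any(frag in dll.lower() for frag in USER_WRITABLE):
        reasons.append("dll in user-writable path")
    if export is None:
        reasons.append("no export specified")
    elif export.startswith("#"):
        reasons.append("export called by ordinal")
    parent = event["ParentImage"].lower().rsplit("\\", 1)[-1]
    if parent in OFFICE_PARENTS:
        reasons.append("spawned by Office application")
    return Finding(event["ProcessId"], dll, export, reasons) if reasons else None


def hunt(events: List[Dict]) -> List[Finding]:
    """Run assess() over a batch of events and keep only the hits, in input order."""
    return [f for f in map(assess, events) if f is not None]


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding.pid, finding.dll, finding.export, "; ".join(finding.reasons))
```

Ordinal invocation alone is not malicious (some legitimate installers use it), so the rule stacks independent indicators and reports all of them; the sandbox event trips both the user-writable path and the ordinal check, which is the combination worth alerting on.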

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1836-54-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB

  • memory/1836-60-0x00000000002A0000-0x00000000002A6000-memory.dmp
    Filesize

    24KB