Overview

overview

10

Static

static

flagstaff.dll

windows7-x64

10

flagstaff.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    125s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27-09-2022 16:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    flagstaff.dll

  • Size

    476KB

  • MD5

    7d81188fd25fbfc8b57b1889cc6ae180

  • SHA1

    4dc6aa65779ec365bc1622bf0b28a5328acf4ac3

  • SHA256

    66608501a21447082fe287bd99a8d7b7f0049e2ab3d161e3a3cfbf3e1f28b3bb

  • SHA512

    0abb06d262ce25bd5e979789568f622e839cf4fc36bade958a8d1d13a3bfbb97a99665a6df91c2aa8c480da6e3d084ea4feacf0ec1e02cc5a207d9fb39a83d91

  • SSDEEP

    6144:2nUq1i6qMhmPGx96QeQSIpBYMeepMRT9xa5yqwH:SUq1i6qbGx4IpheepMFLaAqo

Score
10/10
icedid3228182693bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3228182693

C2

tezycronam.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • Blocklisted process makes network request 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\flagstaff.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/832-54-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB

    Download
  • memory/832-60-0x0000000000120000-0x0000000000126000-memory.dmp
    Filesize

    24KB

    Download