Analysis

  • max time kernel
    241s
  • max time network
    244s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-09-2022 18:59

General

  • Target

    cadets/braved.dll

  • Size

    476KB

  • MD5

    41e60934b4352378f755b8b234e28b1d

  • SHA1

    596520cd20a9abf62119c3e3d530e5e99f9dd285

  • SHA256

    5b3ec3844cc7a448071397b8cb488e6b1dd8a35eb66a6046672cf243817f0b03

  • SHA512

    e41cae897b3e4c6b5e228940933a5120d175d39c5939ba9f7a6739d70f6ef0cd71fc7d8302c6d28989be2a1959aaa201265ed28717d093e5d04451567dcbf307

  • SSDEEP

    6144:EowRmpalgwWrQk2wT7Byq1i6qZksSiOmvQeQEer:XwUpalgwbtq7sq1i6qqsSIjer

Malware Config

Extracted

Family

icedid

Campaign

3228182693

C2

tezycronam.com

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

  • Blocklisted process makes network request 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cadets\braved.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/636-132-0x0000000180000000-0x0000000180009000-memory.dmp
    Filesize

    36KB

  • memory/636-138-0x000001F929FF0000-0x000001F929FF6000-memory.dmp
    Filesize

    24KB