Overview

overview

10

Static

static

3

Malicious_...4e.dll

windows7-x64

10

Malicious_...4e.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    02-07-2023 19:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Malicious_8bf21428a8ba767c6b0d0786cdc6a084afd03101789ad75e0d669e590e71694e.dll

  • Size

    64KB

  • MD5

    e02bc705d876c4afd2a0579db12f44bf

  • SHA1

    888c9a6957830afb932cc70396e9ca0f30b673c0

  • SHA256

    8bf21428a8ba767c6b0d0786cdc6a084afd03101789ad75e0d669e590e71694e

  • SHA512

    7b9b85d80cfc6f57166567ef845f6fa044980900d4d6f3a80252644f43f8e03b0ec009089e60771f1ef619bcdd40722e9b50afcd8a69af7ac3e2fec0c7fe845b

  • SSDEEP

    1536:roBHSfku/TguqNKM6C6E+YUv3EXmYOiKsU:roBS8Q0R68Xys

Score
10/10
icedid2046050bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2046050

C2

calldivorce.fun

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID First Stage Loader 2 IoCs
    loader
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Malicious_8bf21428a8ba767c6b0d0786cdc6a084afd03101789ad75e0d669e590e71694e.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b903aa646180d9118bcee5cb769f2af7

    SHA1

    bd545d9188c2d7d0125510523b4ae81018f3eacf

    SHA256

    3b534202f63ba8266e87d7f2c079cdb05c6e6f0fcda2bb4e413cf92c08f363e5

    SHA512

    f9ff893f75a43b95d233396333c23a0235d55604a2da990d5960e3b92a43a807f024ce51b406f3d97027ae0b8a854202d8bcae5d30431941d61290e8254b8398

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab4A5.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar554.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • memory/1184-54-0x00000000000C0000-0x00000000000C7000-memory.dmp
    Filesize

    28KB

    Download
  • memory/1184-78-0x00000000000C0000-0x00000000000C7000-memory.dmp
    Filesize

    28KB

    Download