Overview

overview

10

Static

static

3

Malicious_...da.dll

windows7-x64

10

Malicious_...da.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    156s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-07-2023 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Malicious_edb3c3eb4f6af3a27ffd9252a02390b13a1025258b2eb36f5c555faa5f555fda.dll

  • Size

    64KB

  • MD5

    52c0d9262af34b2c7a1b8f1df3e8af4a

  • SHA1

    1c6288262102568f5a49b0d1299f6d39552e6b3f

  • SHA256

    edb3c3eb4f6af3a27ffd9252a02390b13a1025258b2eb36f5c555faa5f555fda

  • SHA512

    f62133d1190c2e39ce4f627c8fead9ceeb7479aa9424cf538991f15f5ce5004966cef54f5dc205271afa6ffe21de9465e1c996bed85a7895342b14ed5c5a4d7a

  • SSDEEP

    1536:roBHSfku/TguqNKM6C6E+YUv3EXmYOiKsU:roBS8Q0R68Xys

Score
10/10
icedid2046050bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2046050

C2

calldivorce.fun

Signatures

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid
  • IcedID First Stage Loader 1 IoCs
    loader
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Malicious_edb3c3eb4f6af3a27ffd9252a02390b13a1025258b2eb36f5c555faa5f555fda.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2364
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    1⤵
      PID:4068

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2364-133-0x00000000026F0000-0x00000000026F7000-memory.dmp

      Filesize

      28KB

      Download