Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/07/2023, 19:12

General

  • Target

    Malicious_bfe8fc70929b3e06ef0541fd0c5b7f3ed3a74583d1cb38619c86a7e952a142df.dll

  • Size

    64KB

  • MD5

    452d8f80080a1a76d8eb9c601c097009

  • SHA1

    1ca6c31333cc8190f37cf56c1b994968f9953062

  • SHA256

    bfe8fc70929b3e06ef0541fd0c5b7f3ed3a74583d1cb38619c86a7e952a142df

  • SHA512

    f9a62fd2b1517fc08ea19420bf12db395a7b4675e7ab1f32f689aa43ae95e30cd62eb4df8b2e022b414e1f9dfb29afa20b7e806027c0a55ff443ea2d7c109961

  • SSDEEP

    1536:roBHSfku/TguqNKM6C6E+YUv3EXmYOiKsU:roBS8Q0R68Xys

Malware Config

Extracted

Family

icedid

Campaign

2046050

C2

calldivorce.fun

Signatures

  • IcedID, BokBot

    IcedID (also tracked as BokBot) is a banking trojan and loader that steals credentials and stages follow-on payloads; the first-stage loader seen here retrieves the next stage from the extracted C2.

  • IcedID First Stage Loader 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Malicious_bfe8fc70929b3e06ef0541fd0c5b7f3ed3a74583d1cb38619c86a7e952a142df.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:4240
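The process tree shows the sample being run through regsvr32 with the /s switch, which loads the DLL and calls its DllRegisterServer export without showing any dialog, so the loader executes under a signed Microsoft binary with no visible window. A practical detection for this pattern is a process-creation rule that flags regsvr32 registering a module from a user-writable location such as AppData\Local\Temp. The following is an added example, not part of the sandbox report: it runs that logic over a handful of constructed Sysmon-style Event ID 1 records (JSON lines). The first record mirrors the command line and PID 4240 from the report; the other records, the benign Program Files registration, and the list of user-writable directories are assumptions for illustration.

```python
"""Flag regsvr32 loading a DLL from a user-writable directory.

Added example for the sandbox report above; the log records are
constructed Sysmon-style events, not real telemetry.
"""
import json
import re
from dataclasses import dataclass
from typing import Optional

# Directories a standard user can write to (assumption: common Windows
# locations; extend to match your environment).
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)

# Constructed Sysmon-style records. Record 1 reproduces the process from the
# report (PID 4240, regsvr32 /s on the dropped DLL); the rest are made up.
SAMPLE_LOG = r"""
{"EventID": 1, "ProcessId": 4240, "Image": "C:\\Windows\\system32\\regsvr32.exe", "CommandLine": "regsvr32 /s C:\\Users\\Admin\\AppData\\Local\\Temp\\Malicious_bfe8fc70929b3e06ef0541fd0c5b7f3ed3a74583d1cb38619c86a7e952a142df.dll"}
{"EventID": 1, "ProcessId": 1337, "Image": "C:\\Windows\\System32\\regsvr32.exe", "CommandLine": "regsvr32.exe /s \"C:\\Program Files\\Vendor\\component.dll\""}
{"EventID": 1, "ProcessId": 2222, "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\notes.txt"}
{"EventID": 1, "ProcessId": 3333, "Image": "C:\\Windows\\SysWOW64\\regsvr32.exe", "CommandLine": "\"C:\\Windows\\SysWOW64\\regsvr32.exe\" /u /s \"C:\\Users\\Admin\\AppData\\Roaming\\cache\\upd.dll\""}
{"EventID": 3, "ProcessId": 4240, "Image": "C:\\Windows\\system32\\regsvr32.exe", "DestinationHostname": "calldivorce.fun"}
"""

_TOKEN_RE = re.compile(r'"[^"]*"|\S+')


def tokenize_cmdline(cmdline: str) -> list[str]:
    """Split a Windows command line on whitespace, keeping quoted paths whole."""
    return [t.strip('"') for t in _TOKEN_RE.findall(cmdline)]


@dataclass
class Finding:
    pid: int
    dll: str
    silent: bool
    reason: str


def analyze_regsvr32(image: str, cmdline: str, pid: int) -> Optional[Finding]:
    """Return a Finding if this process is regsvr32 registering a module
    from a user-writable directory, else None."""
    if image.lower().rsplit("\\", 1)[-1] != "regsvr32.exe":
        return None
    tokens = tokenize_cmdline(cmdline)[1:]          # drop argv[0]
    switches = {t.lower() for t in tokens if t[:1] in ("/", "-")}
    positional = [t for t in tokens if t[:1] not in ("/", "-")]
    if not positional:
        return None                                  # nothing being registered
    dll = positional[0]
    lowered = dll.lower()
    hit = next((d for d in USER_WRITABLE_DIRS if d in lowered), None)
    if hit is None:
        return None
    return Finding(
        pid=pid,
        dll=dll,
        silent="/s" in switches or "-s" in switches,
        reason=f"regsvr32 registering a module from user-writable path ({hit.strip(chr(92))})",
    )


def load_events(jsonl: str) -> list[dict]:
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def scan(events: list[dict]) -> list[Finding]:
    """Apply the rule to every process-creation (Event ID 1) record."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        f = analyze_regsvr32(ev["Image"], ev["CommandLine"], ev["ProcessId"])
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan(load_events(SAMPLE_LOG)):
        print(f"PID {f.pid}: {f.reason}; silent={f.silent}; module={f.dll}")
```

The rule keys on the module path rather than on the regsvr32 binary alone, so a legitimate installer registering a COM server from Program Files (record 2) is not flagged, while the unregister-then-register variant from AppData\Roaming (record 4) still is. Pair it with the network event for the same PID (record 5, DNS for the extracted C2) to tie process and C2 indicators together during triage.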

Network

MITRE ATT&CK Matrix


Downloads

  • memory/4240-133-0x0000000000620000-0x0000000000627000-memory.dmp
    Filesize
    28KB