Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20230621-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    02/07/2023, 19:16

General

  • Target

    Malicious_692198a28ef98cbde5bf66d1c895855b0959e818b2a5ebbdd407e544ff20c852.dll

  • Size

    75KB

  • MD5

    72d0e45556a6e4a0a96fcb3313e561c0

  • SHA1

    312002421898f11dfa68a350bad454bad6e2d4f8

  • SHA256

    692198a28ef98cbde5bf66d1c895855b0959e818b2a5ebbdd407e544ff20c852

  • SHA512

    1263717ef0d1b965ec7e5a5c0b73dd5d6033346fce9957e579a2587a3c02261bfba4eea2fdccb361847f79b71f6fafc83fe06ffdc98a9c8476e702d6798a0bc4

  • SSDEEP

    1536:CY53MNyZS2TinPvX+3pBn9EYm3lHMyYoTivf:x530ysqinXU39E/3lRA

Malware Config

Extracted

Family

icedid

Campaign

4213125251

C2

asforthemines99.uno
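The Extracted block above is the decoded form of the loader's embedded configuration. The following added example (not code from this report or from the sandbox) shows how such a blob is decrypted and located in a section. It assumes the layout documented in public IcedID loader reporting, not something this report states: a 32-byte XOR key followed by 32 bytes of ciphertext, decrypting to a little-endian DWORD campaign ID and a NUL-terminated C2 hostname. The sample bytes are constructed by encrypting the campaign ID and C2 shown above under a made-up key; they are not bytes from the analysed DLL.

```python
"""Added example: decrypt and locate an IcedID first-stage loader config.

Assumed layout (taken from public IcedID reporting, not from this report):
  bytes 0..31   XOR key
  bytes 32..63  ciphertext = plaintext XOR key, where plaintext is
                4-byte little-endian campaign ID || NUL-terminated C2 host
"""
import struct

KEY_LEN = 32
DATA_LEN = 32
BLOB_LEN = KEY_LEN + DATA_LEN
HOST_CHARS = frozenset(b"abcdefghijklmnopqrstuvwxyz0123456789.-")


def decrypt_config(blob: bytes) -> tuple[int, str]:
    """Return (campaign_id, c2_host), or raise ValueError if the 64 bytes
    do not decrypt to a plausible config."""
    if len(blob) < BLOB_LEN:
        raise ValueError("blob shorter than key + data")
    key = blob[:KEY_LEN]
    enc = blob[KEY_LEN:BLOB_LEN]
    dec = bytes(e ^ k for e, k in zip(enc, key))
    campaign_id = struct.unpack_from("<I", dec, 0)[0]
    host, sep, _ = dec[4:].partition(b"\x00")
    # Plausibility checks so that a scan over a whole section does not
    # return junk: non-zero campaign ID, NUL-terminated host made only of
    # hostname characters and containing at least one label separator.
    if campaign_id == 0 or not sep or not host:
        raise ValueError("no plausible config at this offset")
    if any(c not in HOST_CHARS for c in host) or b"." not in host:
        raise ValueError("decrypted host is not a hostname")
    return campaign_id, host.decode("ascii")


def scan_for_config(section: bytes) -> list[tuple[int, int, str]]:
    """Slide a 64-byte window over a section (e.g. .data) and return every
    offset that decrypts to a plausible (campaign_id, c2_host)."""
    hits = []
    for off in range(0, len(section) - BLOB_LEN + 1):
        try:
            cid, host = decrypt_config(section[off:off + BLOB_LEN])
        except ValueError:
            continue
        hits.append((off, cid, host))
    return hits


def build_blob(key: bytes, campaign_id: int, c2_host: str) -> bytes:
    """XOR is symmetric, so the same operation builds a test blob."""
    plain = struct.pack("<I", campaign_id) + c2_host.encode("ascii")
    if len(plain) >= DATA_LEN:
        raise ValueError("host too long for the assumed 32-byte data area")
    plain = plain.ljust(DATA_LEN, b"\x00")
    return key + bytes(p ^ k for p, k in zip(plain, key))


# Constructed test data: made-up key, campaign ID and C2 from this report.
SAMPLE_KEY = bytes((0x5A + 7 * i) & 0xFF for i in range(KEY_LEN))
SAMPLE_BLOB = build_blob(SAMPLE_KEY, 4213125251, "asforthemines99.uno")
# Filler on both sides so scan_for_config has to find the offset itself.
SAMPLE_SECTION = bytes(range(96)) + SAMPLE_BLOB + b"\x00" * 96
CONFIG_OFFSET = 96

if __name__ == "__main__":
    print(decrypt_config(SAMPLE_BLOB))
    print(scan_for_config(SAMPLE_SECTION))
```

The plausibility checks are what make the sliding-window scan usable on a real section: without them, almost every offset "decrypts" to something, and the analyst is left sorting through noise. The campaign ID 4213125251 fits in 32 bits, which is consistent with the assumed DWORD field.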

Signatures

  • IcedID, BokBot

    IcedID (also tracked as BokBot) is a modular banking trojan that steals credentials and is widely used as a loader for follow-on payloads.

  • IcedID First Stage Loader 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Malicious_692198a28ef98cbde5bf66d1c895855b0959e818b2a5ebbdd407e544ff20c852.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:1716
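The only process in the tree is regsvr32.exe silently (/s) registering a DLL out of the user's Temp directory, a common first-stage execution pattern (ATT&CK T1218.010, Signed Binary Proxy Execution: Regsvr32). The following added example (not code from this report or from any product) is the detection logic a SOC would run over process-creation telemetry for this pattern. The events are constructed in a Sysmon-like shape; the first reproduces the command line and PID from this report, the others are made-up benign and edge-case controls.

```python
"""Added example: flag regsvr32.exe registering a module from a
user-writable directory, the pattern in the process tree above."""
import re
from typing import Optional

# Directories an unprivileged user can write to (lowercase, backslash form).
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\downloads\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\windows\\temp\\",
)

_TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_regsvr32(command_line: str) -> tuple[set[str], Optional[str]]:
    """Split a regsvr32 command line into its switches and the module path.
    Quoted paths with spaces are kept as one token; "/i:arg" yields "i"."""
    tokens = [t.strip('"') for t in _TOKEN.findall(command_line)]
    switches: set[str] = set()
    module = None
    for tok in tokens[1:]:  # tokens[0] is the regsvr32 image itself
        if tok[:1] in "/-":
            switches.add(tok[1:].lower().split(":", 1)[0])
        elif module is None:
            module = tok
    return switches, module


def is_suspicious_regsvr32(event: dict) -> Optional[str]:
    """Return a reason string if the event matches, else None."""
    image = event.get("Image", "").lower()
    if not image.endswith("\\regsvr32.exe"):
        return None
    switches, module = parse_regsvr32(event.get("CommandLine", ""))
    if module is None:
        return None
    mod = module.lower()
    if any(d in mod for d in USER_WRITABLE):
        reason = "regsvr32 loading module from user-writable path"
        if "s" in switches:
            reason += " with /s (silent, no prompt)"
        return reason
    return None


def hunt(events: list[dict]) -> list[tuple[int, str]]:
    """Run the check over a batch of events; return (pid, reason) hits."""
    hits = []
    for ev in events:
        reason = is_suspicious_regsvr32(ev)
        if reason:
            hits.append((ev["ProcessId"], reason))
    return hits


SAMPLE_EVENTS = [
    {  # from the process tree in this report
        "ProcessId": 1716,
        "Image": r"C:\Windows\system32\regsvr32.exe",
        "CommandLine": r"regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Malicious_692198a28ef98cbde5bf66d1c895855b0959e818b2a5ebbdd407e544ff20c852.dll",
    },
    {  # constructed benign control: installer registering a system component
        "ProcessId": 4020,
        "Image": r"C:\Windows\System32\regsvr32.exe",
        "CommandLine": r'regsvr32.exe /s "C:\Program Files\Common Files\System\ado\msado15.dll"',
    },
    {  # constructed edge case: quoted path with spaces in Downloads, no /s
        "ProcessId": 5108,
        "Image": r"C:\Windows\SysWOW64\regsvr32.exe",
        "CommandLine": r'"C:\Windows\SysWOW64\regsvr32.exe" "C:\Users\Admin\Downloads\invoice details.dll"',
    },
    {  # constructed: unrelated process, must not match
        "ProcessId": 800,
        "Image": r"C:\Windows\System32\svchost.exe",
        "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs",
    },
]

if __name__ == "__main__":
    for pid, reason in hunt(SAMPLE_EVENTS):
        print(pid, reason)
```

The path check is on the module argument, not on the whole command line, so a benign installer registering a component under Program Files is not flagged merely because /s is present; the /s switch only sharpens the reason once the module location is already suspicious.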

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1716-133-0x0000000002D40000-0x0000000002D47000-memory.dmp

    Filesize

    28KB