icedid | 99c1060f61d53bab5328cf79116d02352979e93348957455af21f2182a952631 | Triage

Submit
Reports

Overview

overview

Static

static

3

core/cmd.bat

windows7-x64

core/cmd.bat

windows10-2004-x64

core/future_64.dll

windows7-x64

core/future_64.dll

windows10-2004-x64

Analysis

max time kernel
94s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-12-2024 17:26

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

core/cmd.bat

Resource

win7-20240903-en

icedid 1892568649 banker core_loader core_payload trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

core/cmd.bat

Resource

win10v2004-20241007-en

icedid 1892568649 banker core_loader core_payload trojan

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

core/future_64.dll

Resource

win7-20241010-en

icedid 1892568649 banker core_loader trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

core/future_64.dll

Resource

win10v2004-20241007-en

icedid 1892568649 banker core_loader trojan

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

core/future_64.dll
Size

113KB
MD5

e7317be4cdc343ccb724bede45bfee1b
SHA1

1cc27c2b4321c8c92f8be36dcdcbfec6d46e6ea2
SHA256

32a660a70c9e0893d820dc8d9bc89b4e419d45e7874127de58443aa22a423631
SHA512

ea486b98a75e4b6e565a80333612a02e822d916d0c1be03559253299c4e162215da4e17f2fb84ff5f124bf9e1a469da828e2465b69553c66c0b7f2c358faca2f
SSDEEP

1536:n/lGl9mBCBLFQ9MzJSEOh+hHagKOX3xIdCbfanzUNFuXQ3AwnsWIxew012UnQUkq:/wlABCBC9M4EpbZHCMkEkB

Score

10^/10

icedid 1892568649 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

biglaneat.com

northspaceline.co

Attributes

auth_var
11
url_path
/news/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\future_64.dll,#1
1⤵
PID:724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/724-0-0x000001E9BAC10000-0x000001E9BAC47000-memory.dmp

Filesize
220KB

Download
memory/724-2-0x000001E9BAC10000-0x000001E9BAC47000-memory.dmp

Filesize
220KB

Download

© 2018-2025

Terms | Privacy