icedid | 575f021bea9fcfc56c949fa31a99c169e1d7fda97d323f31a47085542ecb8636 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

core.bat

windows7-x64

core.bat

windows10-2004-x64

donate-x32.dll

windows7-x64

donate-x32.dll

windows10-2004-x64

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/12/2024, 18:17

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

core.bat

Resource

win7-20240903-en

icedid 1217670233 banker core_loader core_payload trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

core.bat

Resource

win10v2004-20241007-en

icedid 1217670233 banker core_loader core_payload trojan

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

donate-x32.dll

Resource

win7-20240903-en

icedid 1217670233 banker core_loader trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

donate-x32.dll

Resource

win10v2004-20241007-en

icedid 1217670233 banker core_loader trojan

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

donate-x32.dll
Size

67KB
MD5

06c6f61d2c16cb465767692e5e7b332d
SHA1

713bacf4f6689471c5a41662120264c73a79446c
SHA256

83f97f8f87237deba89ef2b16218f28f22cf36f2674d2d4f2f2af4faffe4c8df
SHA512

7044ae7f8393c95529225f734d61c112aa1a0a1ab0d1d491478a2a1ea44fa24b13b120578f9da41ea4040f476b7207340196273b84679f2df71411e5351d9c97
SSDEEP

1536:O/Y/QMQdvT5K/YaZm8uUDR+AKCKAvRxZKmLBLx4fOmwAT6FxQJ9+://QMQdvTU/4U8AK457B6wfFW9

Score

10^/10

icedid 1217670233 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1217670233

C2

lakogrefop.rest

hangetilin.top

follytresh.co

roadswendy.top

Attributes

auth_var
17
url_path
/posts/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\donate-x32.dll,#1
1⤵
PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2332-0-0x0000026B4F6B0000-0x0000026B4F6E7000-memory.dmp

Filesize
220KB

Download
memory/2332-2-0x0000026B4F6B0000-0x0000026B4F6E7000-memory.dmp

Filesize
220KB

Download

© 2018-2025

Terms | Privacy