icedid | 4e2985f816d8030cd490e4d8c06356fc236c08410ec40677f0dfa26e4d08a701 | Triage

Submit
Reports

Overview

overview

Static

static

3

core/asthma-x64.dll

windows7-x64

core/asthma-x64.dll

windows10-2004-x64

core/cmd.bat

windows7-x64

core/cmd.bat

windows10-2004-x64

Analysis

max time kernel
96s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 13:02

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

core/asthma-x64.dll

Resource

win7-20240903-en

icedid 1217670233 banker core_loader trojan

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

core/asthma-x64.dll

Resource

win10v2004-20241007-en

icedid 1217670233 banker core_loader trojan

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

core/cmd.bat

Resource

win7-20240903-en

icedid 1217670233 banker core_loader core_payload trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

core/cmd.bat

Resource

win10v2004-20241007-en

icedid 1217670233 banker core_loader core_payload trojan

windows10-2004-x64

5 signatures

150 seconds

Report Analysis Logs

General

Target

core/asthma-x64.dll
Size

73KB
MD5

71db9df9cb24b947a8f8ea8c0ecb5676
SHA1

28b4c7204fa870a3fa525dbbcbaa07a60dac9ab7
SHA256

df8b256a1a49a7d6b997adc8d4aac93f29c24d0a76520a0b08b6944b71d4022d
SHA512

dd9267635f48b5b79891ecbe96e568cedc6f79fcaf9d7b1619ad10cc8e86958561086991b305e34d42fb15d2f5db083a86920da468a6811934f2ade9d0abc80e
SSDEEP

1536:LxHA+2l2hwkynMDv/vXRErZOKyhNHMt0v3ooBxaq7tSVq:LxHA+2l2hwk4MzvRErZ/yh5ML6

Score

10^/10

icedid 1217670233 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1217670233

C2

nnelforwfin.top

lakogrefop.rest

hangetilin.top

essaipienure.space

Attributes

auth_var
6
url_path
/posts/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\core\asthma-x64.dll,#1
1⤵
PID:4212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4212-0-0x0000029285230000-0x0000029285267000-memory.dmp

Filesize
220KB

Download
memory/4212-2-0x0000029285230000-0x0000029285267000-memory.dmp

Filesize
220KB

Download

© 2018-2025

Terms | Privacy