icedid | 9583faaa2b9f2e6210d7877602318ac9a620fc079662db679c6d02f47b0d17e0 | Triage

Analysis

max time kernel
14s
max time network
18s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 21:09

Sharing

Report Analysis Logs

General

Target

false-64.dll
Size

119KB
MD5

68f9ae07d149ab96cd3111e3cafd82c7
SHA1

7f3d516e1ce5b60f9ab0cfcdbd903b4fdbc05680
SHA256

02409f390f1c22afb54028c57c8c61d0ecdc609a4b59e1edcec15693dfe3d4d2
SHA512

3addc218c768224ce55c10fa91b603e7f6190ef068665ed42ee818088231649e4f1170837b491a5c2abe4f3e3e8984b7f0f7c1e5572731c77242a2a773b4fadb
SSDEEP

1536:y0YQOiboI9FEcpGOQ/Wf/dymU/Jcjqef2YQmUuFx1mdBLA4yz8YNKJlxH8L5vSwD:y0YQOIoifHQ/YdAcaRQM8DvT

Score

10^/10

icedid 1892568649 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

Attributes

auth_var
10
url_path
/news/

Signatures

IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
trojan banker icedid
Icedid family
icedid

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\false-64.dll,#1
1⤵
PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2592-0-0x0000000000130000-0x0000000000167000-memory.dmp

Filesize
220KB

Download
memory/2592-1-0x0000000000130000-0x0000000000167000-memory.dmp

Filesize
220KB

Download