icedid | 4d00dd3d606e59496069e836b1c4466d5a11a1a03c2207947f64e4442099657a | Triage

Sharing

General

Target

VSMecyU.dll
Size

131KB
Sample

201112-qxm622cntx
MD5

4f807ffbf0704b3aaf708a1aef892dfd
SHA1

55fb9e7df549ca9133dd2d481930e1042a8c61bc
SHA256

4d00dd3d606e59496069e836b1c4466d5a11a1a03c2207947f64e4442099657a
SHA512

8e7cf9306b690dd5afb762788dbfc88f8e7a54ecc1880c7e1cd80e358b22f2a3624173efd6f2a7c4ce510906876cc639eb261986abb7186365ee038be464a4dc

Score

10^/10

icedid 3765533603 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

3765533603

Targets

- Target
  
  VSMecyU.dll
- Size
  
  131KB
- MD5
  
  4f807ffbf0704b3aaf708a1aef892dfd
- SHA1
  
  55fb9e7df549ca9133dd2d481930e1042a8c61bc
- SHA256
  
  4d00dd3d606e59496069e836b1c4466d5a11a1a03c2207947f64e4442099657a
- SHA512
  
  8e7cf9306b690dd5afb762788dbfc88f8e7a54ecc1880c7e1cd80e358b22f2a3624173efd6f2a7c4ce510906876cc639eb261986abb7186365ee038be464a4dc
Score

10^/10

icedid 3765533603 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3765533603bankertrojan

behavioral2

icedid3765533603bankertrojan