General

  • Target: VSMecyU.dll
  • Size: 131KB
  • Sample: 201113-a3avslaeds
  • MD5: 37fbb57b3513c6e9417718292a68b8ed
  • SHA1: 9138d0f35ab8adb1c4c53fed1c0ef42b3fc36a80
  • SHA256: ddcf95d87542f2df67aff8941fcd92c71cc704698b00923791e21285f82bb01a
  • SHA512: 66b759d65c35d8e20f537f40be732ffee2b4d2ee97398e05353adde28c5e1c02aa148e0d6d4087acfa969e0db297799f23138d71ebcff1bcbfe0744dbb6ff23c

Malware Config

Extracted

  • Family: icedid
  • Campaign: 3765533603

Targets

    • Target: VSMecyU.dll
    • Size: 131KB
    • MD5: 37fbb57b3513c6e9417718292a68b8ed
    • SHA1: 9138d0f35ab8adb1c4c53fed1c0ef42b3fc36a80
    • SHA256: ddcf95d87542f2df67aff8941fcd92c71cc704698b00923791e21285f82bb01a
    • SHA512: 66b759d65c35d8e20f537f40be732ffee2b4d2ee97398e05353adde28c5e1c02aa148e0d6d4087acfa969e0db297799f23138d71ebcff1bcbfe0744dbb6ff23c

    Signatures:

    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Install Root Certificate (T1130): 1
  • Modify Registry (T1112): 1

Tasks