icedid | ddcf95d87542f2df67aff8941fcd92c71cc704698b00923791e21285f82bb01a | Triage

Sharing

General

Target

VSMecyU.dll
Size

131KB
Sample

201113-a3avslaeds
MD5

37fbb57b3513c6e9417718292a68b8ed
SHA1

9138d0f35ab8adb1c4c53fed1c0ef42b3fc36a80
SHA256

ddcf95d87542f2df67aff8941fcd92c71cc704698b00923791e21285f82bb01a
SHA512

66b759d65c35d8e20f537f40be732ffee2b4d2ee97398e05353adde28c5e1c02aa148e0d6d4087acfa969e0db297799f23138d71ebcff1bcbfe0744dbb6ff23c

Score

10^/10

icedid 3765533603 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

3765533603

Targets

- Target
  
  VSMecyU.dll
- Size
  
  131KB
- MD5
  
  37fbb57b3513c6e9417718292a68b8ed
- SHA1
  
  9138d0f35ab8adb1c4c53fed1c0ef42b3fc36a80
- SHA256
  
  ddcf95d87542f2df67aff8941fcd92c71cc704698b00923791e21285f82bb01a
- SHA512
  
  66b759d65c35d8e20f537f40be732ffee2b4d2ee97398e05353adde28c5e1c02aa148e0d6d4087acfa969e0db297799f23138d71ebcff1bcbfe0744dbb6ff23c
Score

10^/10

icedid 3765533603 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid3765533603bankertrojan

behavioral2

icedid3765533603bankertrojan