WSGaRIW.dll

General

Target: WSGaRIW.dll
Size: 140KB
Sample: 210121-qqz8wv28w6
Score: 10/10
MD5: 4fbee1cbb17b4a05ae5b5431a76087fb
SHA1: 44ffaa43eb2bba71325d406703ad82e010376cac
SHA256: e02483eca255879ba6a57365dbecb56f5049283d8cd3f030dceca5c69f7af161
SHA512: f1c0cf3e5f00e63d8edcb1cf171fde79b72945ab0d9bdd8a4ecb84b3a2b37d08eec0a59926b10a6cfaa97409a5bcb372805d09aab5e9248cde85bcb5b83fec93

Malware Config (extracted)

Family: icedid
C2: klopperflitter.cyou

Signatures

  • IcedID, BokBot
    Description: IcedID is a banking trojan capable of stealing credentials.

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • IcedID First Stage Loader

  • Blocklisted process makes network request

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10