Overview

overview

10

Static

static

hostsvc.dll

windows7_x64

10

hostsvc.dll

windows10_x64

10
General
Target

hostsvc.dll

Size

63KB

Sample

210406-5bgafmrjzx

Score
10/10
MD5

fcb6cf720c45b554c5f689fa914ffd2c

SHA1

4d247be7e4c3ee51c026c49dc4b9f59479e8ca77

SHA256

ca93e1c7dc98ca126438c4772f9c3377de5f628b612fe3dc8f72709d5e5bbdb0

SHA512

a27fb5b32662f0624be8b96aaab8e8b09933dee0c996009970d8f7348d5df2142eb23f9215c35c95640a767399dce4636122dc81e58b5cc15ff3ffa3a6a86514

Malware Config

Extracted

Family

icedid
Campaign

2608516171
C2

234willkids.uno

Extracted

Family

icedid
rsa_pubkey.plain

Extracted

Family

icedid
Botnet

478101429
C2

gabry4saver.website

usser234dopper.space

tasyateles.club

jrburnit.website
Attributes
url_path
/news/
Targets
Target

hostsvc.dll

MD5

fcb6cf720c45b554c5f689fa914ffd2c

Filesize

63KB

Score
10/10
SHA1

4d247be7e4c3ee51c026c49dc4b9f59479e8ca77

SHA256

ca93e1c7dc98ca126438c4772f9c3377de5f628b612fe3dc8f72709d5e5bbdb0

SHA512

a27fb5b32662f0624be8b96aaab8e8b09933dee0c996009970d8f7348d5df2142eb23f9215c35c95640a767399dce4636122dc81e58b5cc15ff3ffa3a6a86514

Tags

Signatures

  • IcedID, BokBot

    Description

    IcedID is a banking trojan capable of stealing credentials.

    Tags

  • IcedID First Stage Loader

    Tags

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
    Discovery
    Execution
    Exfiltration
      Impact
        Initial Access
          Lateral Movement
            Persistence
              Privilege Escalation