Overview

overview

10

Static

static

Kathleen.xz.0.dr.dll

windows7_x64

10

Kathleen.xz.0.dr.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Kathleen.xz.0.dr

  • Size

    108KB

  • Sample

    211117-ylyzsaagcr

  • MD5

    4f2a7160665d709942e866fbc5f87739

  • SHA1

    35789f5eee7c38f329eb95c08b6e6cb4666e7b07

  • SHA256

    03f5e9a1c5bd9079a54240c6e0443dd0497fbc7580cd75b6a2324111b8d93c76

  • SHA512

    52f475bc0a0c1f1523013d7f84262f305bc8bfc49b766e59a94e41b5ca34c01b57c0f101bd8f6a957cf7b35baee7f0a3a2614577082f08f5bfc3bb7ad3d268b7

Score
10/10
icedid4274986930bankersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

4274986930

C2

aucespoo.ink

Targets

    • Target

      Kathleen.xz.0.dr

    • Size

      108KB

    • MD5

      4f2a7160665d709942e866fbc5f87739

    • SHA1

      35789f5eee7c38f329eb95c08b6e6cb4666e7b07

    • SHA256

      03f5e9a1c5bd9079a54240c6e0443dd0497fbc7580cd75b6a2324111b8d93c76

    • SHA512

      52f475bc0a0c1f1523013d7f84262f305bc8bfc49b766e59a94e41b5ca34c01b57c0f101bd8f6a957cf7b35baee7f0a3a2614577082f08f5bfc3bb7ad3d268b7

    Score
    10/10
    icedid4274986930bankersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks