General

  • Target

    976-56-0x0000000000130000-0x000000000013A000-memory.dmp

  • Size

    40KB

  • Sample

    220209-1947tabheq

  • MD5

    534bf8c0f11fc540d7b11790351561bc

  • SHA1

    6b9393f60d476fddd617b9ada7b151b167218993

  • SHA256

    44799d1df8d40de415ebce0501a6d4b91470e364d730f16bb5be04b94d167763

  • SHA512

    13803e52e4b1c2a7c85d7f0e0ce713b7db73a4a90f08e1c23316bda88863729e814e500c27e74bac82173c7ce793cd0b7bb562d58f1220fec4dbd79fcb0cf291

Score
10/10

Malware Config

Extracted

Family

icedid

Campaign

1732687004

C2

keepfootbal.com

Targets

    • Target

      976-56-0x0000000000130000-0x000000000013A000-memory.dmp

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

MITRE ATT&CK Enterprise v6

Tasks