Overview

overview

10

Static

static

data.dll

windows7_x64

10

data.dll

windows10-2004_x64

10

documents.lnk

windows7_x64

10

documents.lnk

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    doc_152.iso

  • Size

    924KB

  • Sample

    220216-28re1afdfq

  • MD5

    f594e5e5fe61c353afa9389612788de9

  • SHA1

    b9e12806da1a4a495f6c39ce14d3a44cb07703fb

  • SHA256

    815df99c15d3431db3e018aad2827a816d078063fa75da842c30efff6bf08e63

  • SHA512

    05824b27de666cf5dce2b365a151d42e77f4c4903acf98812936735b92ed9033eb009cbbd392d6d49349a21b1a98b53eef5db1f677bdc0288219a31ca2e50a40

Score
10/10
icedid1101171172bankersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1101171172

Targets

    • Target

      data.dll

    • Size

      858KB

    • MD5

      42e3f49a018eb5a0ee676a62578da12d

    • SHA1

      e116e28febd7c616096ddd555fbe50ca8a695bde

    • SHA256

      3851aba3f60e2072e8f212cdf2f9aad9ac7c3b12073ddf4a1d278942791ed5aa

    • SHA512

      ae2164e0313934843cf1d8556998dd143807114afc4e1844ad80c031cb140d37b652f8dd125831306e2dfeb3bb2b201bff4efc9059ea4d989c96b0b79b7df800

    Score
    10/10
    icedid1101171172bankersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata
    behavioral1behavioral2

    • Target

      documents.lnk

    • Size

      2KB

    • MD5

      c754f3d9cdca9c58f7b9d0a486e4d388

    • SHA1

      078f05b78e7a83ab17d9b35edf195c10f0d5750c

    • SHA256

      a689b27afa67609b9b73465c47f927a12c470b32d8a340552d5f85499501a757

    • SHA512

      cc4af4a8994da26f6daacf1243bb85df0995eccb90159df66e94af0e4e9fd3df401e35a57254efe9bc10a45867dbbdcb3335391f4d5da8b2dcfbe31980e23ebf

    Score
    10/10
    icedid1101171172bankersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks