Overview

overview

10

Static

static

FwlRpmIPXx.exe

windows7_x64

10

FwlRpmIPXx.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FwlRpmIPXx.exe

  • Size

    242KB

  • Sample

    220325-vakfgafbbk

  • MD5

    febd4b99b0131d10d95e71e9ec1d2476

  • SHA1

    8d161b857215a037dcde09c9227d2784984f9fd8

  • SHA256

    16641647772f6572cdf8554198279560e98ce8e686f4433ca64e2031b8ffabdc

  • SHA512

    e112810667cbff52f5d82a17f7bf6274585511d020d050c9e457dc10308e651f8afad069765ae6f7d971ad771da20ee90162c5ed54490c2b255f7d324d049c13

Score
10/10
icedid03714063495bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

0

Extracted

Family

icedid

Campaign

3714063495

C2

ritionalvalueon.top

Targets

    • Target

      FwlRpmIPXx.exe

    • Size

      242KB

    • MD5

      febd4b99b0131d10d95e71e9ec1d2476

    • SHA1

      8d161b857215a037dcde09c9227d2784984f9fd8

    • SHA256

      16641647772f6572cdf8554198279560e98ce8e686f4433ca64e2031b8ffabdc

    • SHA512

      e112810667cbff52f5d82a17f7bf6274585511d020d050c9e457dc10308e651f8afad069765ae6f7d971ad771da20ee90162c5ed54490c2b255f7d324d049c13

    Score
    10/10
    icedid03714063495bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • IcedID First Stage Loader

      loader

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks