Overview

overview

10

Static

static

Fromware.dll.4.dll

windows7_x64

10

Fromware.dll.4.dll

windows10_x64

10

Fromware.dll.4.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Fromware.dll.4.dr.zip

  • Size

    580KB

  • Sample

    220420-zevt8acea6

  • MD5

    de648cbf156ae5adf5a5005548b7319b

  • SHA1

    ded66b61dae24d47da51b068f11f1f98a045f3b7

  • SHA256

    435aedd53caa65976f6ca7084a477895c67733218b955bfd8dad04da66ba7f6e

  • SHA512

    31cb3ee1bd869906e7ec1eb9b61a15f8b46df44af6d1e50a27c6100e29d067774e5d18e0ca39f3241b046097871556406cc088b869235de23255b1d4fbb04409

Score
10/10
icedid2544198788bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2544198788

C2

yellwells.com

Targets

    • Target

      Fromware.dll.4.dr

    • Size

      1.8MB

    • MD5

      989a47b62f1014d6d937119326ca67a1

    • SHA1

      416fcfb222e5224c487bda6eb011fa6f42d96186

    • SHA256

      2948d545b8901e331c14faa2def87766e8241360e0595fa8a273c9d0028a3692

    • SHA512

      6960e4f345fa4c37632438bd20ae98a281511e34e4febf1af7637b7061c1ba864a0c77bce878860a8a079665197237d608899cc81fadabf62dd1450c66ef00be

    Score
    10/10
    icedid2544198788bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks