icedid | e190c0c0b31deb30652a9807ed76082eae1f12382e400f0d1295023a96d46cdd | Triage

Submit
Reports

Overview

overview

Static

static

Fromware.dll.4.dll

windows10-2004_x64

Sharing

General

Target

Fromware.dll.4.dr (1).zip
Size

319KB
Sample

220427-r9z4esdhel
MD5

ddbb774616e53ab4123aaf854405219f
SHA1

b9537002af4a5a4b43b8ced4ae4486d1c2fb9853
SHA256

e190c0c0b31deb30652a9807ed76082eae1f12382e400f0d1295023a96d46cdd
SHA512

434c7700c049f778abdd353f69c381f494304e9d9e4c2ecb23b1a688ea26fc187fb518060c79866824d632a72e114e8117fcd4abd664cac2692cfd1f031d87e5

Score

10^/10

icedid 3864687680 banker loader suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

Fromware.dll.4.dll

Resource

win10v2004-20220414-en

icedid 3864687680 banker loader suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

icedid

Campaign

3864687680

C2

yellwells.com

Targets

- Target
  
  Fromware.dll.4.dr
- Size
  
  1000KB
- MD5
  
  72e3a54ef288d301e51c7e962ffc8213
- SHA1
  
  1f2ee2dcc17aeb3fd60baee69540ca73e135bc85
- SHA256
  
  44cc69061248ec0671ce9462c4561bd376f1b14c3f8f9b1d9ca94918cd96cb21
- SHA512
  
  f0e5e083c48483af8d5690a20c9cef9033257d08df23b84636c3bc49478fe51b94635f122b5e54540bfde1e6d508fa40e49ee5103d6970651ca57d44956ae8c6
Score

10^/10

icedid 3864687680 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3864687680bankerloadersuricatatrojan

© 2018-2024

Terms | Privacy