General
Target: Fromware.dll.4.dr (1).zip
Size: 319KB
Sample: 220427-r9z4esdhel
MD5: ddbb774616e53ab4123aaf854405219f
SHA1: b9537002af4a5a4b43b8ced4ae4486d1c2fb9853
SHA256: e190c0c0b31deb30652a9807ed76082eae1f12382e400f0d1295023a96d46cdd
SHA512: 434c7700c049f778abdd353f69c381f494304e9d9e4c2ecb23b1a688ea26fc187fb518060c79866824d632a72e114e8117fcd4abd664cac2692cfd1f031d87e5
Static task
static1
Malware Config
Extracted
icedid
3864687680
yellwells.com
Targets
Target: Fromware.dll.4.dr
Size: 1000KB
MD5: 72e3a54ef288d301e51c7e962ffc8213
SHA1: 1f2ee2dcc17aeb3fd60baee69540ca73e135bc85
SHA256: 44cc69061248ec0671ce9462c4561bd376f1b14c3f8f9b1d9ca94918cd96cb21
SHA512: f0e5e083c48483af8d5690a20c9cef9033257d08df23b84636c3bc49478fe51b94635f122b5e54540bfde1e6d508fa40e49ee5103d6970651ca57d44956ae8c6
suricata: ET MALWARE Win32/IcedID Request Cookie
- Blocklisted process makes network request
- Loads dropped DLL