Overview

overview

10

Static

static

nerol3.dll

windows7_x64

1

nerol3.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sample.zip

  • Size

    346KB

  • Sample

    220519-ndcfpseef8

  • MD5

    2cbde09e3d655b15315705ecef6fb831

  • SHA1

    6a3a238806974e8e54151a60e6cf0dafb62cae40

  • SHA256

    1c471f6693f916a16134d04315134fab29cb616b7f58b1a524cf7eba98fa5a2d

  • SHA512

    7a673e00d7daa9ae7e4bd47493398a2cf5fc517498a0ad62672214b14dd3320af0c7126e1a1b22e458d3c35426d2ee688a38b38a1bcbc8da72095c2c169a4d0c

Score
10/10
icedid3118344709bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3118344709

C2

speratinda.com

Targets

    • Target

      nerol3.dll

    • Size

      634KB

    • MD5

      da15f2de43f2df16ea07adf3b2424bac

    • SHA1

      44c7d4abd240045e79ce9add5a84fbf07033e3f7

    • SHA256

      e8159b1cc7d56945d77037837be466a7363a7963d1256e9acbcdd6e0e0806899

    • SHA512

      357981c9dd9faa5326d653eccfebeb54b59f9a2abfc3e0e4bf63032ee982d83bc94c5a5225a1ce8d483d18cf3b72050e696c90bf6ce02fc5bcbec3a46c853384

    Score
    10/10
    icedid3118344709bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks