Overview

overview

10

Static

static

10

b4a0138a63...85.dll

windows7_x64

10

b4a0138a63...85.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7501316140.zip

  • Size

    7KB

  • Sample

    220525-1rngcadgc9

  • MD5

    6d80acc6170371d08f52e6595dfe48ac

  • SHA1

    22dc1f60c59526ee6d4fb74b4d1e6d9cbc4d4286

  • SHA256

    ccd7754174dfdc55c49b61cbba9ed782d43b1f5fd9c5611251c7526bf83f058e

  • SHA512

    ca83585dc9f33fc04ba4be27e9e9d0dc24d8a57016e3df73a4e8844df7bac54c5de6bdfaf499d643b93ff54998aaa447a5021d10c7160732a7673592399bc3f9

Score
10/10
icedid168463318bankercollectioncore_payloadloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

168463318

C2

juniarhends.com

Extracted

Family

icedid

Campaign

168463318

rsa_pubkey.plain

Targets

    • Target

      b4a0138a637e4f800e62d91923dc7f77809ab6bf8f27d621502cbe82b06db485

    • Size

      13KB

    • MD5

      e67a59efdb77392a37fdfc2c37db1391

    • SHA1

      5599ea9e45eaeae3985bda51e35befc6c78cc098

    • SHA256

      b4a0138a637e4f800e62d91923dc7f77809ab6bf8f27d621502cbe82b06db485

    • SHA512

      e96cef3386767f2a00dd066f7646487a69be87388c7a1e468bb05b45ecd9172031ff87f9286545ae2bab70818e33ead255ebf63f37af97d9370320791519f961

    Score
    10/10
    icedid168463318bankercore_payloadsuricatatrojancollection

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks