Overview

overview

10

Static

static

10

dar.dll

windows7_x64

10

dar.dll

windows10-2004_x64

10

Resubmissions

14-06-2022 19:29

220614-x7cs1adfg2 10

14-06-2022 19:25

220614-x43j9aded9 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7585926158.zip

  • Size

    84KB

  • Sample

    220614-x7cs1adfg2

  • MD5

    5d6567fc6453af9f8c50bbee40e50c95

  • SHA1

    bc7a4b50c5e3921276fd9f6329eb25b1a1e352b6

  • SHA256

    2b6c0c8fb1ce4458ec97642650f1dc2ef3449ef2bc41ade5466ad15013608d42

  • SHA512

    7bc399a8a96c78b072cf799789ce09ac0f05be8d022ef31a6dc518b538ff0ebe0766f54850815a5249078bca0880ec782d796779ef4af7ce8e894c1a832d5b08

Score
10/10
icedid3529509686bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3529509686

C2

oceriesfornot.top

Targets

    • Target

      dar.dll

    • Size

      147KB

    • MD5

      4a6ceabb2ce1b486398c254a5503b792

    • SHA1

      08a1c43bd1c63bbea864133d2923755aa2f74440

    • SHA256

      4a76a28498b7f391cdc2be73124b4225497232540247ca3662abd9ab2210be36

    • SHA512

      a7266dbfee0689fe9386686a6f892055fffb15f5c11e77bf6591ded82a00b884da9b13ce5a7f29c827ae91018d9f7e71e2e6abb99050da3419154ae1edf77394

    Score
    10/10
    icedid3529509686bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks