Overview

overview

10

Static

static

p3roms.dll

windows7_x64

10

p3roms.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    p3roms.dll

  • Size

    734KB

  • Sample

    220629-xk1ljscagl

  • MD5

    84adaf9bc6b39ac9f588a2546b4cff84

  • SHA1

    b7a1bf50279f3762a269a6725a37aba36dfcafcd

  • SHA256

    06aadc1b1beff569d05afc7e993e97351330e6e8719f5618ccce5760860d0816

  • SHA512

    4b72e74375df26c52ead4f7af1f364a39c1cdd4d4ed95676fa8193d2de00eaba0d79d93e83235e0df6ae17f69351a1517d4adf516429158a1a5cf071726849fa

Score
10/10
icedid3652318967bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3652318967

C2

yankyhoni.com

Targets

    • Target

      p3roms.dll

    • Size

      734KB

    • MD5

      84adaf9bc6b39ac9f588a2546b4cff84

    • SHA1

      b7a1bf50279f3762a269a6725a37aba36dfcafcd

    • SHA256

      06aadc1b1beff569d05afc7e993e97351330e6e8719f5618ccce5760860d0816

    • SHA512

      4b72e74375df26c52ead4f7af1f364a39c1cdd4d4ed95676fa8193d2de00eaba0d79d93e83235e0df6ae17f69351a1517d4adf516429158a1a5cf071726849fa

    Score
    10/10
    icedid3652318967bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks