Overview

overview

10

Static

static

s4pesa.dll

windows7_x64

10

s4pesa.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    s4pesa.dll

  • Size

    734KB

  • Sample

    220630-lh65rshgeq

  • MD5

    aba62452db477f8e6a5503fb5498df1b

  • SHA1

    930d331cb05ef1cdeed525426f2ebd3b1f6adebf

  • SHA256

    8576e05949fb3682e93b4f9b899bf4724656c4758c6b8d90877326f5f4798dfe

  • SHA512

    af8d83795866f6f0b5ef7344704bab6a4c55933c3c048d4d67bb2a9437a25ea7216224e4659a0b55e774ca858468c598067ddea66270437a986af62bfad0887d

Score
10/10
icedid3652318967bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3652318967

C2

yankyhoni.com

Targets

    • Target

      s4pesa.dll

    • Size

      734KB

    • MD5

      aba62452db477f8e6a5503fb5498df1b

    • SHA1

      930d331cb05ef1cdeed525426f2ebd3b1f6adebf

    • SHA256

      8576e05949fb3682e93b4f9b899bf4724656c4758c6b8d90877326f5f4798dfe

    • SHA512

      af8d83795866f6f0b5ef7344704bab6a4c55933c3c048d4d67bb2a9437a25ea7216224e4659a0b55e774ca858468c598067ddea66270437a986af62bfad0887d

    Score
    10/10
    icedid3652318967bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks