Overview

overview

10

Static

static

sac3p.dll

windows7_x64

10

sac3p.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sac3p.dll

  • Size

    423KB

  • Sample

    220630-wh5l2sehen

  • MD5

    99713db445d054a089235ddce903f38f

  • SHA1

    924c231cf449303cb42e32df5d720f6cd5fc1e47

  • SHA256

    629fca5ccdd42cc48569932968c4c9b215bcc0ce0e783e92e4e41a975adcb031

  • SHA512

    fbce18c2a1d40e92a6cb26358a17e969bed966602718759c89d8b8fc2f56cf0982e4dd04a2e57f0289f7056fa5e43eab79174ddb4a13fbbe21ba166816d560d1

Score
10/10
icedid3635541348bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3635541348

C2

piponareatna.com

Targets

    • Target

      sac3p.dll

    • Size

      423KB

    • MD5

      99713db445d054a089235ddce903f38f

    • SHA1

      924c231cf449303cb42e32df5d720f6cd5fc1e47

    • SHA256

      629fca5ccdd42cc48569932968c4c9b215bcc0ce0e783e92e4e41a975adcb031

    • SHA512

      fbce18c2a1d40e92a6cb26358a17e969bed966602718759c89d8b8fc2f56cf0982e4dd04a2e57f0289f7056fa5e43eab79174ddb4a13fbbe21ba166816d560d1

    Score
    10/10
    icedid3635541348bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks