Overview

overview

10

Static

static

o5p0se.dll

windows7_x64

10

o5p0se.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    o5p0se.dll

  • Size

    673KB

  • Sample

    220705-1ht8jafbg6

  • MD5

    eb8f42a2f47ca5e1a71dbc788281bba0

  • SHA1

    497ba1a578616b3d5fc56becaed0c725eff57a2a

  • SHA256

    4f5227f9ff30dcd84c8cb7f911e60165d810bc89c340160ecbda130efcaa2f11

  • SHA512

    1e85bd18b21a93c8922db654dda61e901f48c9affab4c4425542e3c4f860a6e4299179a63c6e3a38fae6f6093d9055fbe7ca46041811366f7def266e5a2bd987

Score
10/10
icedid1060798742bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1060798742

C2

carismorth.com

Targets

    • Target

      o5p0se.dll

    • Size

      673KB

    • MD5

      eb8f42a2f47ca5e1a71dbc788281bba0

    • SHA1

      497ba1a578616b3d5fc56becaed0c725eff57a2a

    • SHA256

      4f5227f9ff30dcd84c8cb7f911e60165d810bc89c340160ecbda130efcaa2f11

    • SHA512

      1e85bd18b21a93c8922db654dda61e901f48c9affab4c4425542e3c4f860a6e4299179a63c6e3a38fae6f6093d9055fbe7ca46041811366f7def266e5a2bd987

    Score
    10/10
    icedid1060798742bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks