Overview

overview

10

Static

static

o5p0se.dll

windows7_x64

10

o5p0se.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    o5p0se.dll

  • Size

    671KB

  • Sample

    220705-z7ecyadbcj

  • MD5

    3197ba1a5debefb92d74e489e8e21b2f

  • SHA1

    5024c4ef4e98b96e3c50759d37c2cb7f47cecb21

  • SHA256

    fd37ac805a7296f28cae720c52f0d80d1e211ae5129a86ea5b33a224bb4c7895

  • SHA512

    77748f99cff8454dca5ad8a5d135090191954dff09f34b485fb3b2e10a7c5175d0315a77b158c188b050e9894afed1193bb889c9033ae4a375fb1675333d2ba7

Score
10/10
icedid1060798742bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1060798742

C2

carismorth.com

Targets

    • Target

      o5p0se.dll

    • Size

      671KB

    • MD5

      3197ba1a5debefb92d74e489e8e21b2f

    • SHA1

      5024c4ef4e98b96e3c50759d37c2cb7f47cecb21

    • SHA256

      fd37ac805a7296f28cae720c52f0d80d1e211ae5129a86ea5b33a224bb4c7895

    • SHA512

      77748f99cff8454dca5ad8a5d135090191954dff09f34b485fb3b2e10a7c5175d0315a77b158c188b050e9894afed1193bb889c9033ae4a375fb1675333d2ba7

    Score
    10/10
    icedid1060798742bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks