Overview

overview

10

Static

static

h1mor3.dll

windows7_x64

10

h1mor3.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    h1mor3.dll

  • Size

    813KB

  • Sample

    220707-abzxbsafcn

  • MD5

    7ad0083961bf384b32a47f24a0139cc0

  • SHA1

    4dd31bcc5617d385a1f2661b9ca57ce36c8dc5f2

  • SHA256

    600b35b0ae3726b5c860281fc6f5254bda2347de7011a7be2b113779d76faffb

  • SHA512

    9200b2eb741cfff2728836f1b2a023c3c6bc25d81dd3c7004035c8c6df86bd3bb4fd58d6631752a08a6249d512069f363c6510970087496a3fa70fd24fffa0bc

Score
10/10
icedid4105767744bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

4105767744

C2

frodupshopping.com

Targets

    • Target

      h1mor3.dll

    • Size

      813KB

    • MD5

      7ad0083961bf384b32a47f24a0139cc0

    • SHA1

      4dd31bcc5617d385a1f2661b9ca57ce36c8dc5f2

    • SHA256

      600b35b0ae3726b5c860281fc6f5254bda2347de7011a7be2b113779d76faffb

    • SHA512

      9200b2eb741cfff2728836f1b2a023c3c6bc25d81dd3c7004035c8c6df86bd3bb4fd58d6631752a08a6249d512069f363c6510970087496a3fa70fd24fffa0bc

    Score
    10/10
    icedid4105767744bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks