Extracted

• • Target

    doc_2265273.lnk

  • Size

    2KB

  • MD5

    a312e810fd34a9668948d6fa45982d25

  • SHA1

    a54e369404b7f2a1bc894116c4f9ee619cefe294

  • SHA256

    50518300d02153d04bf8eb8efd784fd88db56fbae142c1cfd5af45a52023d262

  • SHA512

    19dd647a3332b11440cce6ef2b129e09f3d280b997d8bc64449f2676f7dec5e8c260c494551a79faebc4b6e9c0bbfc955ea1d37018da013cd84266bcd9335fef

  Score

  10^/10

  icedid227378761bankerloadersuricatatrojan

  • IcedID, BokBot

    IcedID is a banking trojan capable of stealing credentials.

    trojanbankericedid

  • suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata: ET MALWARE Win32/IcedID Request Cookie

    suricata

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  behavioral1behavioral2