icedid | d7858d0d2070afbcb603777e61c237de5da07ca9bf3a868ddf0c2901998dc598 | Triage

Submit
Reports

Overview

overview

Static

static

kXVvOoky.dll

windows7_x64

kXVvOoky.dll

windows10-2004_x64

Sharing

General

Target

kXVvOoky.Qqn
Size

534KB
Sample

220707-t24gzsdbg4
MD5

5a53aed162fe5b917a4132d550989bb3
SHA1

700b23cf23a3997042a7d0bc2d2c2c1d62916a02
SHA256

d7858d0d2070afbcb603777e61c237de5da07ca9bf3a868ddf0c2901998dc598
SHA512

0d77e80d4df495b35bde468da4d0224d379b68a3372f0472a00ab70a844752f3dd5eacb975130d117f14c2437d553f0505d30a1042fb2d22a92458bdbac64fff

Score

10^/10

icedid 227378761 banker loader suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

kXVvOoky.dll

Resource

win7-20220414-en

icedid 227378761 banker loader suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

kXVvOoky.dll

Resource

win10v2004-20220414-en

icedid 227378761 banker loader suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

icedid

Campaign

227378761

C2

blionarywesta.com

Targets

- Target
  
  kXVvOoky.Qqn
- Size
  
  534KB
- MD5
  
  5a53aed162fe5b917a4132d550989bb3
- SHA1
  
  700b23cf23a3997042a7d0bc2d2c2c1d62916a02
- SHA256
  
  d7858d0d2070afbcb603777e61c237de5da07ca9bf3a868ddf0c2901998dc598
- SHA512
  
  0d77e80d4df495b35bde468da4d0224d379b68a3372f0472a00ab70a844752f3dd5eacb975130d117f14c2437d553f0505d30a1042fb2d22a92458bdbac64fff
Score

10^/10

icedid 227378761 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid227378761bankerloadersuricatatrojan

behavioral2

icedid227378761bankerloadersuricatatrojan

© 2018-2024

Terms | Privacy