Overview

overview

10

Static

static

601d089964...89.dll

windows7_x64

10

601d089964...89.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    601d0899645126a73bfa3b2409247b89.dll

  • Size

    813KB

  • Sample

    220711-w6h3ysbfen

  • MD5

    601d0899645126a73bfa3b2409247b89

  • SHA1

    ae957d62002d89b3d3296d3f8da4a91a424a50de

  • SHA256

    1315db635b39175a045d3eff6c7f903a35b83202950069c8585eb56b2c50abda

  • SHA512

    806c9c1ed2449d4abb414c218ffb3c108e2f44df183925efaccc8e333505ad67440398215dd32c43f6ef949c754f8e03a9fca27663306aedb2ff417545c9bfc5

Score
10/10
icedid4105767744bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

4105767744

C2

frodupshopping.com

Targets

    • Target

      601d0899645126a73bfa3b2409247b89.dll

    • Size

      813KB

    • MD5

      601d0899645126a73bfa3b2409247b89

    • SHA1

      ae957d62002d89b3d3296d3f8da4a91a424a50de

    • SHA256

      1315db635b39175a045d3eff6c7f903a35b83202950069c8585eb56b2c50abda

    • SHA512

      806c9c1ed2449d4abb414c218ffb3c108e2f44df183925efaccc8e333505ad67440398215dd32c43f6ef949c754f8e03a9fca27663306aedb2ff417545c9bfc5

    Score
    10/10
    icedid4105767744bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks