Overview

overview

10

Static

static

subfreezing.dll

windows7-x64

10

subfreezing.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    subfreezing.dll.exe

  • Size

    727KB

  • Sample

    220915-tfm8wahcbm

  • MD5

    f4fc58dc6888bc8adf18b889794c714e

  • SHA1

    b1aed1eaee31081b15a051bf6ae942ff757f0c5f

  • SHA256

    642cf35793c77d8cd452ff8549bb6810ba5c04b214eed2731dc44b46ef570e26

  • SHA512

    6730504f40587b8747084640cb3e5b0c5d350e551b3dc6b149136c09868c4e8e0e9973c70cc21e504951d220dd68280de635c002949b9e3122d8b80e61288ff1

  • SSDEEP

    12288:oyQT5KcVw1wPNwGYhwjbwHwMw4CnEw/HwNwpuwMIwK2w5wUwjwzU56wTXFwGw5wA:u

Score
10/10
icedid612758225bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

612758225

C2

pildofraften.com

Targets

    • Target

      subfreezing.dll.exe

    • Size

      727KB

    • MD5

      f4fc58dc6888bc8adf18b889794c714e

    • SHA1

      b1aed1eaee31081b15a051bf6ae942ff757f0c5f

    • SHA256

      642cf35793c77d8cd452ff8549bb6810ba5c04b214eed2731dc44b46ef570e26

    • SHA512

      6730504f40587b8747084640cb3e5b0c5d350e551b3dc6b149136c09868c4e8e0e9973c70cc21e504951d220dd68280de635c002949b9e3122d8b80e61288ff1

    • SSDEEP

      12288:oyQT5KcVw1wPNwGYhwjbwHwMw4CnEw/HwNwpuwMIwK2w5wUwjwzU56wTXFwGw5wA:u

    Score
    10/10
    icedid612758225bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks