Overview

overview

10

Static

static

hypocritical.dll

windows7-x64

10

hypocritical.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    hypocritical.dll

  • Size

    476KB

  • Sample

    220927-t2tyjsdhe8

  • MD5

    3e1d359dcc483c475b0371df468afbba

  • SHA1

    2206b713c78cccf382faae0cdd2a8b1e3270b346

  • SHA256

    5a866cb8e80bdd4659ec8fe0a70f85eaf665560a74ff1a45b5e6b5f41cb56b4a

  • SHA512

    4b0d17b20f8caef53537a3342fc5f22c711fd9e21d3c4a883acbe5189bf4fcb4a658a789f3bcbddf521749150a7cffa6524782bb0735ffb99d57e9688199f7f7

  • SSDEEP

    6144:bpowRmpalgwWrQk2wT7Byq1i6qZksSiOmvQeQEeA:awUpalgwbtq7sq1i6qqsSIjeA

Score
10/10
icedid3228182693bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3228182693

C2

tezycronam.com

Targets

    • Target

      hypocritical.dll

    • Size

      476KB

    • MD5

      3e1d359dcc483c475b0371df468afbba

    • SHA1

      2206b713c78cccf382faae0cdd2a8b1e3270b346

    • SHA256

      5a866cb8e80bdd4659ec8fe0a70f85eaf665560a74ff1a45b5e6b5f41cb56b4a

    • SHA512

      4b0d17b20f8caef53537a3342fc5f22c711fd9e21d3c4a883acbe5189bf4fcb4a658a789f3bcbddf521749150a7cffa6524782bb0735ffb99d57e9688199f7f7

    • SSDEEP

      6144:bpowRmpalgwWrQk2wT7Byq1i6qZksSiOmvQeQEeA:awUpalgwbtq7sq1i6qqsSIjeA

    Score
    10/10
    icedid3228182693bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation

                          Tasks