Overview

overview

10

Static

static

treasury.dll

windows7-x64

1

treasury.dll

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    treasury.db

  • Size

    679KB

  • Sample

    220928-xv1djaaabp

  • MD5

    d6d9279f33ae617f303a7d23d3a9d4c6

  • SHA1

    00f2dcc3851ae48c8d23739d051aad423a824010

  • SHA256

    3b5f1e4942e4d13778e9ad9cd051ee2820e55b06966472e5764facecbcc94f28

  • SHA512

    1ce4b8df974639cbaf7d396050092ada1d2f67efc829d0871980eb337cccef11307e7e5709d9af763ccde31bd6ee9a40ba8f7c644aa8ee64a141b6c7b80994b2

  • SSDEEP

    6144:NMjneLstVgH2yICXFa98HrqnlSGbezqOcLf/1O5800oBKMvUfEfm/A:NMjeqd2XxGbfOqfVmKMuY

Score
10/10
icedid2909555027bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2909555027

C2

guversaksi.com

Targets

    • Target

      treasury.db

    • Size

      679KB

    • MD5

      d6d9279f33ae617f303a7d23d3a9d4c6

    • SHA1

      00f2dcc3851ae48c8d23739d051aad423a824010

    • SHA256

      3b5f1e4942e4d13778e9ad9cd051ee2820e55b06966472e5764facecbcc94f28

    • SHA512

      1ce4b8df974639cbaf7d396050092ada1d2f67efc829d0871980eb337cccef11307e7e5709d9af763ccde31bd6ee9a40ba8f7c644aa8ee64a141b6c7b80994b2

    • SSDEEP

      6144:NMjneLstVgH2yICXFa98HrqnlSGbezqOcLf/1O5800oBKMvUfEfm/A:NMjeqd2XxGbfOqfVmKMuY

    Score
    10/10
    icedid2909555027bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks