Overview

overview

10

Static

static

dispellers.dll

windows7-x64

10

dispellers.dll

windows10-2004-x64

10

Resubmissions

21-10-2022 06:59

221021-hr9qgagedn 10

05-10-2022 19:56

221005-ynrngsffek 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dispellers.dat

  • Size

    479KB

  • Sample

    221005-ynrngsffek

  • MD5

    4ec8ac71c0ecb64d4d89eebc104cf065

  • SHA1

    dd012750ae737cc577204cb53c6e8a32ea042e48

  • SHA256

    bdbec7d770eddda6e8009ede94bbdb37d862b26dcdefef2566908e9b3443108b

  • SHA512

    4f1f350dddbad768cdf7ede89f15dca3dd4273e5ee85ddc54375c735fa98cca2f275b5f624699c2b2265983e8319f81e09216438bf7ff28e3a935d56205fca2b

  • SSDEEP

    6144:F6pR9qvN6dQM9eyjcnzeX1GmQnehuuS8D52XJ2hfwT7/R7NlFm81nKcpWlD:CR9XEyXLQEF2V5nKcp6D

Score
10/10
icedid2348925224bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2348925224

C2

fireskupigar.com

Targets

    • Target

      dispellers.dat

    • Size

      479KB

    • MD5

      4ec8ac71c0ecb64d4d89eebc104cf065

    • SHA1

      dd012750ae737cc577204cb53c6e8a32ea042e48

    • SHA256

      bdbec7d770eddda6e8009ede94bbdb37d862b26dcdefef2566908e9b3443108b

    • SHA512

      4f1f350dddbad768cdf7ede89f15dca3dd4273e5ee85ddc54375c735fa98cca2f275b5f624699c2b2265983e8319f81e09216438bf7ff28e3a935d56205fca2b

    • SSDEEP

      6144:F6pR9qvN6dQM9eyjcnzeX1GmQnehuuS8D52XJ2hfwT7/R7NlFm81nKcpWlD:CR9XEyXLQEF2V5nKcp6D

    Score
    10/10
    icedid2348925224bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks