Overview

overview

10

Static

static

anyhow.tmp.dll

windows7-x64

10

anyhow.tmp.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    anyhow.tmp.exe

  • Size

    91KB

  • Sample

    221110-3w971shean

  • MD5

    13563c9b38c5aa0e0efbd7b3fbbbb32d

  • SHA1

    fb6d2a7852d1b447a0fc2d1fd18108d81639ef91

  • SHA256

    64598e2bc1c0f58636825193c93405d555a5fcd87816ec22842125629d3136ad

  • SHA512

    a07559208fa4dd280ca53133d08fcd82430c36d19a890cdf2eedfdedb3e98235c10c5dfb0967354929da684f6e51dff712f4da819af71dd81453a6ed32c9f3f2

  • SSDEEP

    1536:vXREXIBJWIsBMwYrUvjwI7CdiZEkgusxGEgG+JWx+1GlR:ZicWIsBiUcI7CWrgus49KxJlR

Score
10/10
icedid426369791bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

426369791

C2

ahilacarstrupert.com

Targets

    • Target

      anyhow.tmp.exe

    • Size

      91KB

    • MD5

      13563c9b38c5aa0e0efbd7b3fbbbb32d

    • SHA1

      fb6d2a7852d1b447a0fc2d1fd18108d81639ef91

    • SHA256

      64598e2bc1c0f58636825193c93405d555a5fcd87816ec22842125629d3136ad

    • SHA512

      a07559208fa4dd280ca53133d08fcd82430c36d19a890cdf2eedfdedb3e98235c10c5dfb0967354929da684f6e51dff712f4da819af71dd81453a6ed32c9f3f2

    • SSDEEP

      1536:vXREXIBJWIsBMwYrUvjwI7CdiZEkgusxGEgG+JWx+1GlR:ZicWIsBiUcI7CWrgus49KxJlR

    Score
    10/10
    icedid426369791bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks