Overview

overview

10

Static

static

bellows.dll

windows7-x64

10

bellows.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bellows.tmp

  • Size

    91KB

  • Sample

    221111-m7fvjshe8v

  • MD5

    82ca0c46f32af3dad0f89728fd4d70d3

  • SHA1

    469ac2e1e848449f0885e9bdec2317c5997a58c0

  • SHA256

    49573ae54db8071b9fac59de11b45d6f59cd29d6219475d438d5651fe3c17951

  • SHA512

    e9d80c2a5849fbc8071c666fe8e8dfccb25284e835e2f0252270fe9a4d258c212e524584ff614963d51334346dd76ada2942a18185b430effded8a3684b6ea86

  • SSDEEP

    1536:iXREXIBJWIsBMwYrUvjwI7CdiZEkgusxGEgG+JWx+1GlR:OicWIsBiUcI7CWrgus49KxJlR

Score
10/10
icedid426369791bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

426369791

C2

ahilacarstrupert.com

Targets

    • Target

      bellows.tmp

    • Size

      91KB

    • MD5

      82ca0c46f32af3dad0f89728fd4d70d3

    • SHA1

      469ac2e1e848449f0885e9bdec2317c5997a58c0

    • SHA256

      49573ae54db8071b9fac59de11b45d6f59cd29d6219475d438d5651fe3c17951

    • SHA512

      e9d80c2a5849fbc8071c666fe8e8dfccb25284e835e2f0252270fe9a4d258c212e524584ff614963d51334346dd76ada2942a18185b430effded8a3684b6ea86

    • SSDEEP

      1536:iXREXIBJWIsBMwYrUvjwI7CdiZEkgusxGEgG+JWx+1GlR:OicWIsBiUcI7CWrgus49KxJlR

    Score
    10/10
    icedid426369791bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks