Overview

overview

10

Static

static

overcontrolling.dll

windows7-x64

10

overcontrolling.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    overcontrolling.tmp

  • Size

    1.6MB

  • Sample

    221220-yxbzdseb2w

  • MD5

    1795382b21fad93fe3fe3d75ef40a67d

  • SHA1

    7a6fa8a71a68e3226b6cad24cd3eff4767111e58

  • SHA256

    97593b69833226ed1488e6914351418018094dcedbab0984eae4648e12d8b26b

  • SHA512

    189ba19e3cbf8ca0dc02524e4d73eb53bb7408c9e451061373f797603a2ccd80d4de41756e0e896a29124d700f184279b2403a130eca0b1389f3d2aee5bad74f

  • SSDEEP

    24576:XmJTd0nVi/Md3bupZkKBhWPRIlq5YZ6a2CXH7oZgKGc+erWJUVWyubuapwNDlaTI:XmJTd4iMwXH7oZgKb++BVL4B+NITgr0Y

Score
10/10
icedid3114391984bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3114391984

C2

estrabornhot.com

Targets

    • Target

      overcontrolling.tmp

    • Size

      1.6MB

    • MD5

      1795382b21fad93fe3fe3d75ef40a67d

    • SHA1

      7a6fa8a71a68e3226b6cad24cd3eff4767111e58

    • SHA256

      97593b69833226ed1488e6914351418018094dcedbab0984eae4648e12d8b26b

    • SHA512

      189ba19e3cbf8ca0dc02524e4d73eb53bb7408c9e451061373f797603a2ccd80d4de41756e0e896a29124d700f184279b2403a130eca0b1389f3d2aee5bad74f

    • SSDEEP

      24576:XmJTd0nVi/Md3bupZkKBhWPRIlq5YZ6a2CXH7oZgKGc+erWJUVWyubuapwNDlaTI:XmJTd4iMwXH7oZgKb++BVL4B+NITgr0Y

    Score
    10/10
    icedid3114391984bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks