Overview

overview

10

Static

static

1

f613e4db2c...0c.dll

windows7-x64

10

f613e4db2c...0c.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f613e4db2c8497bd6b3b7a5fb9494a6e7839d7694a8d9144c2975d2503f23a0c.dll

  • Size

    277KB

  • Sample

    230223-31v9nahe62

  • MD5

    85eb9ea02021d4bed123c0b55f98524d

  • SHA1

    f11a2f2c9bbf30c1c476bc86cad025b2b81d37b6

  • SHA256

    f613e4db2c8497bd6b3b7a5fb9494a6e7839d7694a8d9144c2975d2503f23a0c

  • SHA512

    a16d622291b21ac76798b8e8a8bcc7f517b2c4510d17768bef5511f4851d01d3fb5bcb4d497c8bd7e1200fb1dc912d3d7cfd61a4aa56560d946ed746662f4521

  • SSDEEP

    6144:h3zbE9UUeYjBnJe53X0IcnoB50VlyJqrbgjc:h3PsJe53XwoBClImM

Score
10/10
icedid3954321778bankercollectionspywarestealertrojan

Malware Config

Extracted

Family

icedid

Campaign

3954321778

Targets

    • Target

      f613e4db2c8497bd6b3b7a5fb9494a6e7839d7694a8d9144c2975d2503f23a0c.dll

    • Size

      277KB

    • MD5

      85eb9ea02021d4bed123c0b55f98524d

    • SHA1

      f11a2f2c9bbf30c1c476bc86cad025b2b81d37b6

    • SHA256

      f613e4db2c8497bd6b3b7a5fb9494a6e7839d7694a8d9144c2975d2503f23a0c

    • SHA512

      a16d622291b21ac76798b8e8a8bcc7f517b2c4510d17768bef5511f4851d01d3fb5bcb4d497c8bd7e1200fb1dc912d3d7cfd61a4aa56560d946ed746662f4521

    • SSDEEP

      6144:h3zbE9UUeYjBnJe53X0IcnoB50VlyJqrbgjc:h3PsJe53XwoBClImM

    Score
    10/10
    icedid3954321778bankercollectionspywarestealertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

3
T1082

Remote System Discovery

1
T1018

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks