General

  • Target

    17c93b8c39237e477d26462af05457a2c5402d736368183d0e38a6b19dea6d44

  • Size

    31KB

  • Sample

    241221-wk829avqgk

  • MD5

    c7d0c5595f37dc8913ebce4617865357

  • SHA1

    cbdbd504f101698489d5d979758b727689083dbb

  • SHA256

    17c93b8c39237e477d26462af05457a2c5402d736368183d0e38a6b19dea6d44

  • SHA512

    1ff0f10c94cfc2e3205614c7d3256e3b22a7ec3bfcfc63aa06822e25c2f0f7c9fffa1f8d0cc45ce039392e2a0231b55b46dafa8a4c2d259226fe43cd1033f3f4

  • SSDEEP

    768:KjUAoPIOKoan/XJo4C7R5ihCqjYcvEj+TPjwOkZOuPAtU:KjUdDan/XJob5kjYcqa/AfA2

Malware Config

  • Extracted

    Language
    xlm4.0

    Source

  • Extracted

    Family
    icedid

    Campaign
    497724135

    C2
    ovedfromasi.top

Targets

    • Target

      e4fdc8b6743a24bcb75957fc1c2591dd552637e33184affe233f2ec7aa694225

    • Size

      70KB

    • MD5

      3b997ceaae98ea79e64717c1223b03b2

    • SHA1

      8e5f7f54cf8e1f8d2615d70dd60e8a2cdf9108cf

    • SHA256

      e4fdc8b6743a24bcb75957fc1c2591dd552637e33184affe233f2ec7aa694225

    • SHA512

      0d0ebac10b3c83e25086c2e7417b81fc19e803acf1c79dd7732b320b70ec2091d261001c98e8b1bc3bb1b4121fcb009a00f96c5edd307d4bd8b1eda9da037319

    • SSDEEP

      1536:bXUu709gnZkl7f/3jWCgiMthg8Mi3lHg9gIgmfgCjMiAOqTu/+vXWPbge96LM4hH:bw9ek5fPKCNAXMixmHBfFzmu/mAbgw2h

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Icedid family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks