General

  • Target

    JaffaCakes118_6e8783ce55907a849f9d8594db57c58d6eac717c7f5e4f8f52752898fe3f1d83

  • Size

    31KB

  • Sample

    241221-yc1r1sxqck

  • MD5

    8f4c32cef17d1a99496a62bd6d7be7e1

  • SHA1

    ab542c0d827d1381a1f70f22ca9ce8275f0f46ea

  • SHA256

    6e8783ce55907a849f9d8594db57c58d6eac717c7f5e4f8f52752898fe3f1d83

  • SHA512

    8378e8553aeacf4cc1ae52efd4258e562d2d8bd166831b96c571dcb7c4b9228c910c240a4012ef26e7369ff9cc5ea4a2be904f9ab798fb6c5d30d37c3f662adb

  • SSDEEP

    768:4jUAoPIOKoan/XJo4C7CuPXxjlnOYGGHWOAeUH4uPAt7:4jUdDan/XJoBPXll2DB7Ax

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Extracted

  • Family

    icedid

  • Campaign

    497724135

  • C2

    ovedfromasi.top

Targets

    • Target

      1ba223ba6300c05c1e29105e519d884c2cebdbd1485838a46378c10dc77a8623

    • Size

      70KB

    • MD5

      9ba7141f0a8d4840393af0230184dccd

    • SHA1

      4c5a61203719c4fb3e64117a6c5e5980bd257802

    • SHA256

      1ba223ba6300c05c1e29105e519d884c2cebdbd1485838a46378c10dc77a8623

    • SHA512

      e2a857771574da00da240b84ad91b99d01cbe4fcf4dc0e7a592bce490752646a84e13010ed0523ce50891058cfdfd5cdc708660d4ad1b7184e43fd6056e1162d

    • SSDEEP

      1536:MXUu709gnZgl7f/3jWCgiMthg8Mi3lHg9gIgmfgCjMiAOqTu/+vXWPbge96L94hH:Mw9eg5fPKCNAXMixmHBfFzmu/mAbgw1h

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Icedid family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks