General

  • Target: JaffaCakes118_77f3784b57f565a77044d5ae2cf7d1a1b5d23310f11a11b10092ad6cd573ae20
  • Size: 31KB
  • Sample: 241222-1fby6szpcm
  • MD5: 82aa94699fc3f3299264e41ca5070413
  • SHA1: ab610919fb6b2c677df23a883fe8412672092968
  • SHA256: 77f3784b57f565a77044d5ae2cf7d1a1b5d23310f11a11b10092ad6cd573ae20
  • SHA512: 9c64ddc12a4873b108c3a2fd00fe802322ce17ed9b85f862c8362a5159bd7a436f3c0d9f977d09555915fc88e9a5f541ff5687705b24955cc4672ede769f96ef
  • SSDEEP: 768:Z+rwTLEROXgEXXrPFHReQVFmryVKt3YFWWDlZK/N50aV:Z1sRinrPFHpVFmWMt3pWDa8A

Malware Config

Extracted

  • Language: xlm4.0
  • Source

Extracted

  • Family: icedid
  • Campaign: 497724135
  • C2: ovedfromasi.top

Targets

    • Target: d1e61f9b080e3b6892df3660c346870ec62ce7627437bc666d7e369e215f5f43
    • Size: 70KB
    • MD5: 9fc21e4ab45c411b8251d493963608f3
    • SHA1: e0f7283f01221c9f54a2aff23bd426340bd00550
    • SHA256: d1e61f9b080e3b6892df3660c346870ec62ce7627437bc666d7e369e215f5f43
    • SHA512: 03a6f8d64f2bbc0048d4bc00f3bc28b72ff1109cbf0cd5ed401ca6a893225f4b5fc51a7dd495ffb43f2aac2b378e77685b346c523219ca3173cc396913a60793
    • SSDEEP: 1536:IXUu709gnZwl7f/3jWCgiMthg8Mi3lHg9gIgmfgCjMiAOqTu/+vXWPbge96LJ4hH:Iw9ew5fPKCNAXMixmHBfFzmu/mAbgwhh

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Icedid family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks