General

  • Target

    Giowcosi64.dll

  • Size

    113KB

  • Sample

    211202-dtmaqsdge9

  • MD5

    8afee9d09b791bffd2372931cc9060ba

  • SHA1

    fe27de2819b394e2b0824dd28531a4ab914aa855

  • SHA256

    c340ae2dde2bd8fbae46b15abef0c7e706fe8953c837329bde409959836d6510

  • SHA512

    7e13ae3e0a1c783ad19e34be8a921473b239eb21d66301a21a325aa245b5930f907182688ed819aef4cc85a0e1b4f407b5a76a40c907f8fb4eb0280e363d400e

Malware Config

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

Attributes

  • auth_var

    10

  • url_path

    /news/
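
The indicators above (file hashes, C2 domains, url_path) are what a responder would sweep for. The following script, an added example that is not part of the sandbox report, turns them into a small triage check: it compares a file's hashes against the report, matches hostnames against the C2 domains (exact or subdomain, so a look-alike such as `baeswea.com.evil.example` does not match), and scans proxy-log lines for C2 traffic. The proxy-log format and the log lines are constructed for illustration; the `/news/` path is treated only as corroboration, because on its own it is far too generic to alert on.

```python
"""Triage helper built from the IcedID indicators in the report above.

Added example, not part of the sandbox report. Hashes, C2 domains and
url_path are copied from the report; the log format and lines are constructed.
"""
import hashlib
import hmac
from urllib.parse import urlsplit

# Indicators copied from the report.
SAMPLE_SHA256 = "c340ae2dde2bd8fbae46b15abef0c7e706fe8953c837329bde409959836d6510"
SAMPLE_MD5 = "8afee9d09b791bffd2372931cc9060ba"
C2_DOMAINS = frozenset({"baeswea.com", "bersaww.com"})
URL_PATH = "/news/"


def hashes_match(data: bytes) -> dict:
    """Report which of the sample's hashes the given bytes reproduce."""
    return {
        "md5": hmac.compare_digest(hashlib.md5(data).hexdigest(), SAMPLE_MD5),
        "sha256": hmac.compare_digest(hashlib.sha256(data).hexdigest(), SAMPLE_SHA256),
    }


def file_is_sample(path: str, chunk: int = 1 << 16) -> bool:
    """Stream a file through SHA-256 and compare with the report's hash."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return hmac.compare_digest(h.hexdigest(), SAMPLE_SHA256)


def is_c2_host(host: str) -> bool:
    """True for a C2 domain or any of its subdomains; look-alike suffixes do not match."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def scan_proxy_log(lines):
    """Scan constructed proxy-log lines ('<ts> <client> <method> <url> <status>').

    A C2 domain hit is high confidence; the url_path alone is low confidence
    and is only reported so an analyst can corroborate it with other evidence.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line: skip rather than crash
        url = urlsplit(parts[3])
        host = url.hostname or ""
        if not host:
            continue
        domain_hit = is_c2_host(host)
        path_hit = url.path.startswith(URL_PATH)
        if domain_hit:
            reasons = ["c2_domain"] + (["url_path"] if path_hit else [])
            hits.append({"line": n, "host": host, "path": url.path,
                         "confidence": "high", "reasons": reasons})
        elif path_hit:
            hits.append({"line": n, "host": host, "path": url.path,
                         "confidence": "low", "reasons": ["url_path_only"]})
    return hits


# Constructed log lines for illustration; not real traffic from the sandbox run.
SAMPLE_LOG = """\
2021-12-02T10:15:01Z 10.0.0.5 GET http://baeswea.com/news/ 200
2021-12-02T10:15:03Z 10.0.0.5 GET https://www.bersaww.com/news/ 200
2021-12-02T10:15:05Z 10.0.0.7 GET https://example.com/news/today 200
2021-12-02T10:15:09Z 10.0.0.9 GET https://baeswea.com.evil.example/ 200
garbage line
""".splitlines()


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

When sweeping real logs, pair the domain match with DNS query logs for the same window, since the loader may resolve the domain without the proxy ever seeing a request.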

Targets

    • Target

      Giowcosi64.dll

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a modular banking trojan that steals credentials and is also used as a loader for follow-on payloads.
