Overview

overview

10

Static

static

y2D56.tmp.dll

windows7-x64

10

y2D56.tmp.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    y2D56.tmp.dll

  • Size

    352KB

  • Sample

    220811-2c27madbdp

  • MD5

    363777daf36e9534762d30bd4bf22c74

  • SHA1

    ea94d9afd355dd23a069f21b3562d85a4266da4f

  • SHA256

    8cd135e5b49d16aceb7665b6316cd4df2e132ef503ff0af51c080bad7010efd6

  • SHA512

    c8cac2963c8454890483823738e5adcaee4e945839b64d241d545d3dbc9a798fba7d923eb764cb455db2d27992915cd5f6ef9fae0b05175b7f8ae9669db93d53

Score
10/10
icedid3570055661bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3570055661

C2

alexbionka.com

Targets

    • Target

      y2D56.tmp.dll

    • Size

      352KB

    • MD5

      363777daf36e9534762d30bd4bf22c74

    • SHA1

      ea94d9afd355dd23a069f21b3562d85a4266da4f

    • SHA256

      8cd135e5b49d16aceb7665b6316cd4df2e132ef503ff0af51c080bad7010efd6

    • SHA512

      c8cac2963c8454890483823738e5adcaee4e945839b64d241d545d3dbc9a798fba7d923eb764cb455db2d27992915cd5f6ef9fae0b05175b7f8ae9669db93d53

    Score
    10/10
    icedid3570055661bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks