Source: Yara match | File source: 10.2.rundll32.exe.208f72d0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.1bb6e480000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.21ea2870000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.207d1380000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.1ed33860000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.207d1370000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.208f7310000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.21ea2820000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.1bb6e480000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.1bb6e370000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.208f7310000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.1ed33a60000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.1c2d1340000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.2.rundll32.exe.1aebcf20000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.207d1380000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.1c2d1350000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.1ed33a60000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll64.exe.1b778a50000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.2.rundll32.exe.1aebcdf0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll64.exe.1b778a50000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll64.exe.1b778900000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.2.rundll32.exe.1aebcf20000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.1c2d1350000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.21ea2870000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000005.00000002.765347157.000001ED33860000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000002.765442198.000001ED33A60000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.741382042.000001BB6E480000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.832558945.00000208F7310000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.741362051.000001C2D1340000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.741362258.000001BB6E370000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.776377415.000001B778A50000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.825177682.0000021EA2820000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.765191936.00000207D1370000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.776350458.000001B778900000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.741365555.000001C2D1350000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.825233831.0000021EA2870000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000008.00000002.826014958.000001AEBCF20000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.765207841.00000207D1380000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.832543483.00000208F72D0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000008.00000002.825990184.000001AEBCDF0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 10.2.rundll32.exe.208f72d0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.1bb6e480000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.21ea2870000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.207d1380000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.1ed33860000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.207d1370000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.208f7310000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.21ea2820000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.1bb6e480000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.1bb6e370000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.208f7310000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.1ed33a60000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.1c2d1340000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.2.rundll32.exe.1aebcf20000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.207d1380000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.1c2d1350000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.1ed33a60000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll64.exe.1b778a50000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.2.rundll32.exe.1aebcdf0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll64.exe.1b778a50000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll64.exe.1b778900000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.2.rundll32.exe.1aebcf20000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.1c2d1350000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.21ea2870000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000005.00000002.765347157.000001ED33860000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000002.765442198.000001ED33A60000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.741382042.000001BB6E480000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.832558945.00000208F7310000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.741362051.000001C2D1340000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.741362258.000001BB6E370000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.776377415.000001B778A50000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.825177682.0000021EA2820000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.765191936.00000207D1370000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.776350458.000001B778900000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.741365555.000001C2D1350000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.825233831.0000021EA2870000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000008.00000002.826014958.000001AEBCF20000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.765207841.00000207D1380000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.832543483.00000208F72D0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000008.00000002.825990184.000001AEBCDF0000.00000004.00000001.sdmp, type: MEMORY |
Source: 10.2.rundll32.exe.208f72d0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 2.2.rundll32.exe.1bb6e480000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 9.2.rundll32.exe.21ea2870000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 4.2.rundll32.exe.207d1380000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 5.2.rundll32.exe.1ed33860000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 4.2.rundll32.exe.207d1370000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 10.2.rundll32.exe.208f7310000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 9.2.rundll32.exe.21ea2820000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 2.2.rundll32.exe.1bb6e480000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 2.2.rundll32.exe.1bb6e370000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 10.2.rundll32.exe.208f7310000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 5.2.rundll32.exe.1ed33a60000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 3.2.rundll32.exe.1c2d1340000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 8.2.rundll32.exe.1aebcf20000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 4.2.rundll32.exe.207d1380000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 3.2.rundll32.exe.1c2d1350000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 5.2.rundll32.exe.1ed33a60000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 0.2.loaddll64.exe.1b778a50000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 8.2.rundll32.exe.1aebcdf0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 0.2.loaddll64.exe.1b778a50000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 0.2.loaddll64.exe.1b778900000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 8.2.rundll32.exe.1aebcf20000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 3.2.rundll32.exe.1c2d1350000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 9.2.rundll32.exe.21ea2870000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000005.00000002.765347157.000001ED33860000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000005.00000002.765442198.000001ED33A60000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000002.00000002.741382042.000001BB6E480000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 0000000A.00000002.832558945.00000208F7310000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000003.00000002.741362051.000001C2D1340000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000002.00000002.741362258.000001BB6E370000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000000.00000002.776377415.000001B778A50000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000009.00000002.825177682.0000021EA2820000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000004.00000002.765191936.00000207D1370000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000000.00000002.776350458.000001B778900000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000003.00000002.741365555.000001C2D1350000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000009.00000002.825233831.0000021EA2870000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000008.00000002.826014958.000001AEBCF20000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000004.00000002.765207841.00000207D1380000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 0000000A.00000002.832543483.00000208F72D0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000008.00000002.825990184.000001AEBCDF0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: unknown | Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\Giowcosi64.dll" |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",#1 |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\Giowcosi64.dll,DllMain |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",#1 |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\Giowcosi64.dll,GeogtrHfbokouxgzMvmrq |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\Giowcosi64.dll,MabefshhHuruaftdQzntqpmiqf |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",DllMain |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",GeogtrHfbokouxgzMvmrq |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",MabefshhHuruaftdQzntqpmiqf |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",#1 |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\Giowcosi64.dll,DllMain |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\Giowcosi64.dll,GeogtrHfbokouxgzMvmrq |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\Giowcosi64.dll,MabefshhHuruaftdQzntqpmiqf |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",DllMain |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",GeogtrHfbokouxgzMvmrq |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",MabefshhHuruaftdQzntqpmiqf |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",#1 |
Source: Yara match | File source: 10.2.rundll32.exe.208f72d0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.1bb6e480000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.21ea2870000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.207d1380000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.1ed33860000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.207d1370000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.208f7310000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.21ea2820000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.1bb6e480000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.1bb6e370000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.208f7310000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.1ed33a60000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.1c2d1340000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.2.rundll32.exe.1aebcf20000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.207d1380000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.1c2d1350000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.1ed33a60000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll64.exe.1b778a50000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.2.rundll32.exe.1aebcdf0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll64.exe.1b778a50000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll64.exe.1b778900000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.2.rundll32.exe.1aebcf20000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.1c2d1350000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.21ea2870000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000005.00000002.765347157.000001ED33860000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000002.765442198.000001ED33A60000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.741382042.000001BB6E480000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.832558945.00000208F7310000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.741362051.000001C2D1340000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.741362258.000001BB6E370000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.776377415.000001B778A50000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.825177682.0000021EA2820000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.765191936.00000207D1370000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.776350458.000001B778900000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.741365555.000001C2D1350000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.825233831.0000021EA2870000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000008.00000002.826014958.000001AEBCF20000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.765207841.00000207D1380000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.832543483.00000208F72D0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000008.00000002.825990184.000001AEBCDF0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 10.2.rundll32.exe.208f72d0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.1bb6e480000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.21ea2870000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.207d1380000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.1ed33860000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.207d1370000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.208f7310000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.21ea2820000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.1bb6e480000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.rundll32.exe.1bb6e370000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.208f7310000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.1ed33a60000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.1c2d1340000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.2.rundll32.exe.1aebcf20000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.207d1380000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.1c2d1350000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.1ed33a60000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll64.exe.1b778a50000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.2.rundll32.exe.1aebcdf0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll64.exe.1b778a50000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.loaddll64.exe.1b778900000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 8.2.rundll32.exe.1aebcf20000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 3.2.rundll32.exe.1c2d1350000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.21ea2870000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000005.00000002.765347157.000001ED33860000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000002.765442198.000001ED33A60000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.741382042.000001BB6E480000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.832558945.00000208F7310000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.741362051.000001C2D1340000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.741362258.000001BB6E370000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.776377415.000001B778A50000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.825177682.0000021EA2820000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.765191936.00000207D1370000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.776350458.000001B778900000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000003.00000002.741365555.000001C2D1350000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.825233831.0000021EA2870000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000008.00000002.826014958.000001AEBCF20000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.765207841.00000207D1380000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.832543483.00000208F72D0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000008.00000002.825990184.000001AEBCDF0000.00000004.00000001.sdmp, type: MEMORY |