Source: Yara match | File source: 12.2.rundll32.exe.1473bb10000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.2332f2d0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.136b1440000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll64.exe.1a9c7ae0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.23bae180000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.1c801d60000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.2bb4aa80000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.136b1440000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.1c801d10000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.136b1430000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.rundll32.exe.2ca7bee0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.1c801d60000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.rundll32.exe.2ca7bed0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.2bb4aa70000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.2332f2c0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.2bb4aa80000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.rundll32.exe.1473bb00000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.23bae170000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll64.exe.1a9c7890000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.23bae180000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll64.exe.1a9c7ae0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.rundll32.exe.2ca7bee0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.2332f2d0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.rundll32.exe.1473bb10000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000005.00000002.753734569.000002BB4AA80000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.1023202734.000001A9C7AE0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.824770074.000001473BB10000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000002.753421493.000002BB4AA70000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.744528892.0000023BAE180000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.760340152.000002332F2C0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.826876248.000001C801D60000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.824761939.000001473BB00000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.760354110.000002332F2D0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000002.825167289.00000136B1430000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.826795548.000001C801D10000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.744526075.0000023BAE170000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.760108318.000002CA7BEE0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000002.825171186.00000136B1440000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.1023090624.000001A9C7890000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.760094169.000002CA7BED0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 12.2.rundll32.exe.1473bb10000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.2332f2d0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.136b1440000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll64.exe.1a9c7ae0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.23bae180000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.1c801d60000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.2bb4aa80000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.136b1440000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.1c801d10000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.136b1430000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.rundll32.exe.2ca7bee0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.1c801d60000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.rundll32.exe.2ca7bed0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.2bb4aa70000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.2332f2c0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.2bb4aa80000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.rundll32.exe.1473bb00000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.23bae170000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll64.exe.1a9c7890000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.23bae180000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll64.exe.1a9c7ae0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.rundll32.exe.2ca7bee0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.2332f2d0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.rundll32.exe.1473bb10000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000005.00000002.753734569.000002BB4AA80000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.1023202734.000001A9C7AE0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.824770074.000001473BB10000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000002.753421493.000002BB4AA70000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.744528892.0000023BAE180000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.760340152.000002332F2C0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.826876248.000001C801D60000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.824761939.000001473BB00000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.760354110.000002332F2D0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000002.825167289.00000136B1430000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.826795548.000001C801D10000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.744526075.0000023BAE170000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.760108318.000002CA7BEE0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000002.825171186.00000136B1440000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.1023090624.000001A9C7890000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.760094169.000002CA7BED0000.00000004.00000001.sdmp, type: MEMORY |
Source: 12.2.rundll32.exe.1473bb10000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 9.2.rundll32.exe.2332f2d0000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 13.2.rundll32.exe.136b1440000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 1.2.loaddll64.exe.1a9c7ae0000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 4.2.rundll32.exe.23bae180000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 10.2.rundll32.exe.1c801d60000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 5.2.rundll32.exe.2bb4aa80000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 13.2.rundll32.exe.136b1440000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 10.2.rundll32.exe.1c801d10000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 13.2.rundll32.exe.136b1430000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 6.2.rundll32.exe.2ca7bee0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 10.2.rundll32.exe.1c801d60000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 6.2.rundll32.exe.2ca7bed0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 5.2.rundll32.exe.2bb4aa70000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 9.2.rundll32.exe.2332f2c0000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 5.2.rundll32.exe.2bb4aa80000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 12.2.rundll32.exe.1473bb00000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 4.2.rundll32.exe.23bae170000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 1.2.loaddll64.exe.1a9c7890000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 4.2.rundll32.exe.23bae180000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 1.2.loaddll64.exe.1a9c7ae0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 6.2.rundll32.exe.2ca7bee0000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 9.2.rundll32.exe.2332f2d0000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 12.2.rundll32.exe.1473bb10000.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000005.00000002.753734569.000002BB4AA80000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000001.00000002.1023202734.000001A9C7AE0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 0000000C.00000002.824770074.000001473BB10000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000005.00000002.753421493.000002BB4AA70000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000004.00000002.744528892.0000023BAE180000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000009.00000002.760340152.000002332F2C0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 0000000A.00000002.826876248.000001C801D60000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 0000000C.00000002.824761939.000001473BB00000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000009.00000002.760354110.000002332F2D0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 0000000D.00000002.825167289.00000136B1430000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 0000000A.00000002.826795548.000001C801D10000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000004.00000002.744526075.0000023BAE170000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000006.00000002.760108318.000002CA7BEE0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 0000000D.00000002.825171186.00000136B1440000.00000040.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000001.00000002.1023090624.000001A9C7890000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: 00000006.00000002.760094169.000002CA7BED0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedId_Core_LDR_202104 date = 2021-04-13, author = Thomas Barabosch, Telekom Security, description = 2021 loader for Bokbot / Icedid core (license.dat), reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240 |
Source: unknown | Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\Giowcosi64.dll" | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",#1 | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\Giowcosi64.dll,DllMain | |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",#1 | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\Giowcosi64.dll,GeogtrHfbokouxgzMvmrq | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\Giowcosi64.dll,MabefshhHuruaftdQzntqpmiqf | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",DllMain | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",GeogtrHfbokouxgzMvmrq | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",MabefshhHuruaftdQzntqpmiqf | |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",#1 | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\Giowcosi64.dll,DllMain | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\Giowcosi64.dll,GeogtrHfbokouxgzMvmrq | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\Giowcosi64.dll,MabefshhHuruaftdQzntqpmiqf | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",DllMain | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",GeogtrHfbokouxgzMvmrq | Jump to behavior |
Source: C:\Windows\System32\loaddll64.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",MabefshhHuruaftdQzntqpmiqf | Jump to behavior |
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\Giowcosi64.dll",#1 | Jump to behavior |
Source: Yara match | File source: 12.2.rundll32.exe.1473bb10000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.2332f2d0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.136b1440000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll64.exe.1a9c7ae0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.23bae180000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.1c801d60000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.2bb4aa80000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.136b1440000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.1c801d10000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.136b1430000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.rundll32.exe.2ca7bee0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.1c801d60000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.rundll32.exe.2ca7bed0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.2bb4aa70000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.2332f2c0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.2bb4aa80000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.rundll32.exe.1473bb00000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.23bae170000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll64.exe.1a9c7890000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.23bae180000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll64.exe.1a9c7ae0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.rundll32.exe.2ca7bee0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.2332f2d0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.rundll32.exe.1473bb10000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000005.00000002.753734569.000002BB4AA80000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.1023202734.000001A9C7AE0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.824770074.000001473BB10000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000002.753421493.000002BB4AA70000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.744528892.0000023BAE180000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.760340152.000002332F2C0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.826876248.000001C801D60000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.824761939.000001473BB00000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.760354110.000002332F2D0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000002.825167289.00000136B1430000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.826795548.000001C801D10000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.744526075.0000023BAE170000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.760108318.000002CA7BEE0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000002.825171186.00000136B1440000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.1023090624.000001A9C7890000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.760094169.000002CA7BED0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 12.2.rundll32.exe.1473bb10000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.2332f2d0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.136b1440000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll64.exe.1a9c7ae0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.23bae180000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.1c801d60000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.2bb4aa80000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.136b1440000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.1c801d10000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.rundll32.exe.136b1430000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.rundll32.exe.2ca7bee0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 10.2.rundll32.exe.1c801d60000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.rundll32.exe.2ca7bed0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.2bb4aa70000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.2332f2c0000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.rundll32.exe.2bb4aa80000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.rundll32.exe.1473bb00000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.23bae170000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll64.exe.1a9c7890000.0.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.2.rundll32.exe.23bae180000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 1.2.loaddll64.exe.1a9c7ae0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.rundll32.exe.2ca7bee0000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 9.2.rundll32.exe.2332f2d0000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 12.2.rundll32.exe.1473bb10000.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000005.00000002.753734569.000002BB4AA80000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.1023202734.000001A9C7AE0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.824770074.000001473BB10000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000002.753421493.000002BB4AA70000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.744528892.0000023BAE180000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.760340152.000002332F2C0000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.826876248.000001C801D60000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000C.00000002.824761939.000001473BB00000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000009.00000002.760354110.000002332F2D0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000002.825167289.00000136B1430000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000A.00000002.826795548.000001C801D10000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.744526075.0000023BAE170000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.760108318.000002CA7BEE0000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000002.825171186.00000136B1440000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000001.00000002.1023090624.000001A9C7890000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.760094169.000002CA7BED0000.00000004.00000001.sdmp, type: MEMORY |