General

  • Target

    powPowLike.jpg.dll

  • Size

    251KB

  • Sample

    211201-1yfp3sgdam

  • MD5

    66c83dab8a955502e979e0ba02c98cf9

  • SHA1

    efb731305004457cf3f2698a260d96c784a22adb

  • SHA256

    9385db8c3d2cfa98e87d97dbce2df036d3ac2c4d797930f6d400db5b1d4028ec

  • SHA512

    e610bf7febfe90191919060dee9a1a2fc0dd1894ea569a9e3a9c4f9ae9c5d6d3eee65c949a587545dddcd84664dfd8f8df482611e3f9540efebffc5ba5afd7a7

Malware Config

Extracted

Family

icedid

Campaign

1892568649

C2

normyils.com

Targets

    • Target

      powPowLike.jpg.dll

    • Size

      251KB

    • MD5

      66c83dab8a955502e979e0ba02c98cf9

    • SHA1

      efb731305004457cf3f2698a260d96c784a22adb

    • SHA256

      9385db8c3d2cfa98e87d97dbce2df036d3ac2c4d797930f6d400db5b1d4028ec

    • SHA512

      e610bf7febfe90191919060dee9a1a2fc0dd1894ea569a9e3a9c4f9ae9c5d6d3eee65c949a587545dddcd84664dfd8f8df482611e3f9540efebffc5ba5afd7a7

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

MITRE ATT&CK Matrix

Tasks