General

  • Target

    UKah6x65xQ.dll

  • Size

    714KB

  • Sample

    220526-t7t6hahafn

  • MD5

    e83718709032469c8db41c8e7a7bec66

  • SHA1

    074ee45eb9799eae90c4fe0b77f4fbc3020b13f3

  • SHA256

    9abc520e828d8aaba25bd5ebf4b8aef2b11ca46841552339ae511f393d5c76f4

  • SHA512

    a59bdd55301b0013469e5c0bc6d81151918a9512a0a893343d45ce3ccd79a2da546a728e863cf4f0755712396d46c4015ceffdb16fb4eb0607a319b8f679cf7b

Malware Config

Extracted

Family

icedid

Campaign

2576683783

C2

ilekvoyn.com

Targets

    • Target

      UKah6x65xQ.dll

    • Size

      714KB

    • MD5

      e83718709032469c8db41c8e7a7bec66

    • SHA1

      074ee45eb9799eae90c4fe0b77f4fbc3020b13f3

    • SHA256

      9abc520e828d8aaba25bd5ebf4b8aef2b11ca46841552339ae511f393d5c76f4

    • SHA512

      a59bdd55301b0013469e5c0bc6d81151918a9512a0a893343d45ce3ccd79a2da546a728e863cf4f0755712396d46c4015ceffdb16fb4eb0607a319b8f679cf7b

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks