General

  • Target

    49c0e1398dec485cc011ec08016850be.dll

  • Size

    480KB

  • Sample

    220605-kkt3jshde5

  • MD5

    49c0e1398dec485cc011ec08016850be

  • SHA1

    3c9a297e36de397a7966d6c4c1013bcd5a26ac1e

  • SHA256

    a0052b5fe74778e9d7274a8c2a5c448ccb002a1dd9c53564a40a60d8d62726d3

  • SHA512

    7d26ada8796414a012a454ceeec9470821960549edcd6a6fb7ba79c2e34ccbed6a7e5842f2502471c8de71a0fd158f651ee130e41e210cab3e45c5f55d44361f

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2581925242

  • C2

    uleoballs.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks