General

  • Target

    r7kom.dll

  • Size

    450KB

  • Sample

    220628-wkq7fadah4

  • MD5

    e4a25cb6b9f293191bc0ad3deffe5d4a

  • SHA1

    485394d8879e792bc2714d94d7cffba1625c8898

  • SHA256

    062845e88b9be24186a4024401448343538f7710bf15841fea92d1a990e74663

  • SHA512

    717768dffc2425ac6ec5f057208f03fb43894045f8ca9672bd8568a895bef9e5500b30b5d9f5c4aac3cc8decd5d0557f0cd4d5d7234981815edca8aa79ca059d

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    3568430872

  • C2

    alionavon.com

Targets

    • Target

      r7kom.dll

    • Size

      450KB

    • MD5

      e4a25cb6b9f293191bc0ad3deffe5d4a

    • SHA1

      485394d8879e792bc2714d94d7cffba1625c8898

    • SHA256

      062845e88b9be24186a4024401448343538f7710bf15841fea92d1a990e74663

    • SHA512

      717768dffc2425ac6ec5f057208f03fb43894045f8ca9672bd8568a895bef9e5500b30b5d9f5c4aac3cc8decd5d0557f0cd4d5d7234981815edca8aa79ca059d

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks