General

  • Target

    r7kom.dll

  • Size

    450KB

  • Sample

    220628-xw4gksbgel

  • MD5

    3be46ad85ecaf1586a685b12a41bd488

  • SHA1

    0ed3ea1b5a3327bdb8371a084ba2b0d21c34c4e5

  • SHA256

    cb7c0d26b206c26f48a3c38a03e184fd9c0aee83f47047c67daff5c754bdf928

  • SHA512

    12ebf549ce7790b121c71e138878b5f6b4f9b53c3c9c460e40fdf493a96c00987b1252d2f011c4e38b984f7a2cfccce1046e0c5f6b8b04855d86aa1de890fe74

Malware Config

Extracted

Family

icedid

Campaign

3568430872

C2

alionavon.com

Targets

    • Target

      r7kom.dll

    • Size

      450KB

    • MD5

      3be46ad85ecaf1586a685b12a41bd488

    • SHA1

      0ed3ea1b5a3327bdb8371a084ba2b0d21c34c4e5

    • SHA256

      cb7c0d26b206c26f48a3c38a03e184fd9c0aee83f47047c67daff5c754bdf928

    • SHA512

      12ebf549ce7790b121c71e138878b5f6b4f9b53c3c9c460e40fdf493a96c00987b1252d2f011c4e38b984f7a2cfccce1046e0c5f6b8b04855d86aa1de890fe74

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks