General

  • Target

    ker3p.dll

  • Size

    423KB

  • Sample

    220630-xm2xdsafh7

  • MD5

    07bf6ed2925a5de021ae42646d92c0af

  • SHA1

    f84746eef4dc16745a6bc1504d4652ee3424ab01

  • SHA256

    22443598172a6127561fc05dfddeebf40056cec898fa50ca8ac5c5c11081e848

  • SHA512

    5cbf8a8de5b71639411dd37e0b132464bbd795fc1a40d1ce8eabe56d6a222d7bda61931dea684622f0b1fe1fff459f13d81504b93c4c5fd6d7f9e3d530853bf5

Malware Config

Extracted

Family

icedid

Campaign

3635541348

C2

piponareatna.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks