General

  • Target

    142a3728163f77b549c0fc8d992f174f.dll

  • Size

    424KB

  • Sample

    220704-xel6zaagar

  • MD5

    142a3728163f77b549c0fc8d992f174f

  • SHA1

    b62cf796be55d8358a1f8084139416ac44e4200b

  • SHA256

    5c09475656153526e907694394641f8126d57176e8d4a4aecb52731c7136e630

  • SHA512

    557e9f0883138118f3ee5e19aa090e26abe1c80d73a9d791c9362093a9f6b52fe85e29009fd327bf143fee7d6579aa25bfa13614ab54a9b9f8cc872770f46ac4

Malware Config

Extracted

Family

icedid

Campaign

3635541348

C2

piponareatna.com

Targets

    • Target

      142a3728163f77b549c0fc8d992f174f.dll

    • Size

      424KB

    • MD5

      142a3728163f77b549c0fc8d992f174f

    • SHA1

      b62cf796be55d8358a1f8084139416ac44e4200b

    • SHA256

      5c09475656153526e907694394641f8126d57176e8d4a4aecb52731c7136e630

    • SHA512

      557e9f0883138118f3ee5e19aa090e26abe1c80d73a9d791c9362093a9f6b52fe85e29009fd327bf143fee7d6579aa25bfa13614ab54a9b9f8cc872770f46ac4

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks