General

  • Target: 247eb6aeb8411cd02baa258a26a4d1e4.dll
  • Size: 424KB
  • Sample: 220704-xn7t2acgf6
  • MD5: 247eb6aeb8411cd02baa258a26a4d1e4
  • SHA1: b700269967b71e08bc865ec53d2d11d363d4f4f6
  • SHA256: dd6478b230393007b0382ed3cd17c19d4bb2a9ab1fad6a051503768bceb1c240
  • SHA512: 45e9fa3b62bc9b311071b7b875d7fb26ca32437fd3d9ae96de363640be6f8926ac836ccf919218e6e05030b3f33c0cd9711b5d29a65326b217f8ed9cd71e8cb8

Malware Config

Extracted

  • Family: icedid
  • Campaign: 3635541348
  • C2: piponareatna.com

Targets

    • Target: 247eb6aeb8411cd02baa258a26a4d1e4.dll

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request
