General

  • Target

    triage_dropped_file

  • Size

    534KB

  • Sample

    220707-tdb3tsbhe3

  • MD5

    e73bd08a80f0dd8a1a8689b11646f27e

  • SHA1

    76e2a4b1ca29d162802fb9a034cb99b4e30a31b3

  • SHA256

    01028a8efcec87d9eafe0ce85b8e968e1df97562f2a5e612e5ff92436706684f

  • SHA512

    6400582634591ff07fc4fc6dd87745d4528fb7cf6ca6524380a437ac6a20644e3d0f1bc86a367d33c17cabf2dd04a8f7fac05402aaf937807342cc421c9aaf15

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    227378761

  • C2

    blionarywesta.com

Targets

    • Target

      triage_dropped_file

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request
