General

  • Target

    06812138cb08bf9e73abe0e599bb1dfb.dll

  • Size

    534KB

  • Sample

    220708-k5la5scgf6

  • MD5

    06812138cb08bf9e73abe0e599bb1dfb

  • SHA1

    bba82b410a5fcc8b8038162bbe428e65cb597f8b

  • SHA256

    77454bcf7f3d6ad457f4d15493a72b37a57936afbe0e185a84b1cb8abdc5c24f

  • SHA512

    9c4138c36a623d6e6075d8222464de1e2234370c773be0b0dbe90d559f3604d0d5c7c2c088d182275885ae1bc48e371e82ff5ab17b577d909d03e469d0283daa

Malware Config

Extracted

Family

icedid

Campaign

227378761

C2

blionarywesta.com

Targets

    • Target

      06812138cb08bf9e73abe0e599bb1dfb.dll

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials and is widely used as a loader for follow-on payloads.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      Emerging Threats (ET) Suricata rule that fired on the sample's outbound HTTP request during detonation.

    • Blocklisted process makes network request
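
The network side of this report is already covered by the ET Suricata rule above; what a responder usually wants next is a quick way to sweep hosts and proxy/DNS logs for the indicators the sandbox extracted. The following Python is an added example, not part of the sandbox report or of any vendor tooling: it carries the hashes, campaign ID and C2 domain from the report, hashes files on disk against them, and scans log lines for the C2 host. The proxy and DNS log lines are constructed for the example, and treating any subdomain of blionarywesta.com as a hit is an assumption of the example, not something the report states.

```python
from __future__ import annotations

import hashlib
from pathlib import Path
from urllib.parse import urlsplit

# Indicators copied from the sandbox report above.
IOC_CAMPAIGN = "227378761"
IOC_HASHES = {
    "md5": "06812138cb08bf9e73abe0e599bb1dfb",
    "sha1": "bba82b410a5fcc8b8038162bbe428e65cb597f8b",
    "sha256": "77454bcf7f3d6ad457f4d15493a72b37a57936afbe0e185a84b1cb8abdc5c24f",
    "sha512": "9c4138c36a623d6e6075d8222464de1e2234370c773be0b0dbe90d559f3604d0"
              "d5c7c2c088d182275885ae1bc48e371e82ff5ab17b577d909d03e469d0283daa",
}
IOC_C2_DOMAINS = {"blionarywesta.com"}


def file_hashes(data: bytes) -> dict:
    """Compute every digest the report lists, so a single read covers all of them."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_known_sample(data: bytes) -> list:
    """Names of the algorithms whose digest of `data` equals the report's value."""
    digests = file_hashes(data)
    return [name for name, value in digests.items() if value == IOC_HASHES[name]]


def scan_directory(root: str) -> list:
    """Walk `root` and return (path, matched_algorithms) for every file that matches."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            matched = matches_known_sample(path.read_bytes())
            if matched:
                hits.append((str(path), matched))
    return hits


def is_c2_host(host: str) -> bool:
    """Exact C2 domain, or (assumption of this example) any subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_C2_DOMAINS)


def candidate_hosts(line: str) -> set:
    """Pull host-like values out of a log line: URL hostnames and key=value fields."""
    hosts = set()
    for token in line.split():
        if "://" in token:
            hostname = urlsplit(token).hostname
            if hostname:
                hosts.add(hostname)
        else:
            hosts.add(token.split("=", 1)[-1].strip().lower())
    return hosts


def scan_log_lines(lines) -> list:
    """Return (line_number, host) for each line that talks to the C2 domain."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for host in candidate_hosts(line):
            if is_c2_host(host):
                hits.append((number, host))
                break
    return hits


# Constructed sample log lines (squid-style proxy entries and a DNS query log);
# they are not from the sandbox run.
SAMPLE_LOGS = [
    "1657282001.123 245 10.0.0.15 TCP_MISS/200 1432 GET http://blionarywesta.com/ - HIER_DIRECT/203.0.113.10 text/html",
    "1657282002.456 12 10.0.0.15 TCP_MISS/200 980 GET https://www.example.com/index.html - HIER_DIRECT/198.51.100.7 text/html",
    "2022-07-08T12:00:03Z dns client=10.0.0.15 query=cdn.blionarywesta.com type=A",
]

if __name__ == "__main__":
    for number, host in scan_log_lines(SAMPLE_LOGS):
        print(f"line {number}: C2 contact with {host} (IcedID campaign {IOC_CAMPAIGN})")
    # Point this at a mounted image or a download directory of a suspect host.
    for path, algorithms in scan_directory("."):
        print(f"{path}: matches report hashes {', '.join(algorithms)}")
```

Hash matching alone only finds this exact binary; IcedID loaders are rebuilt frequently, so the C2 domain and the Suricata rule are the more durable indicators here, and the file sweep is mainly useful for confirming which hosts received this particular sample.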

MITRE ATT&CK Matrix

Tasks