General

  • Target

    7ca6c18f788399f6e7f8634a47873b99.dll

  • Size

    536KB

  • Sample

    220708-l175sabeek

  • MD5

    7ca6c18f788399f6e7f8634a47873b99

  • SHA1

    cf6fcfaa0c7f57f019e15e81b3c85e7a071b0d91

  • SHA256

    a228f2a0cf4ef0dd4b891b67731dc5ed662c391ee738dafa4fe729e0891d30ae

  • SHA512

    c4ae9d65afb6af18d33f76128e348c337b40a74799d9d6a8f548e6c21779506090ec24a33d70f61e905f7c25155ebffd1e33b0c160c25a241c8ccebf98a68ed9

Malware Config

Extracted

Family

icedid

Campaign

227378761

C2

blionarywesta.com

Targets

    • Target

      7ca6c18f788399f6e7f8634a47873b99.dll

    • Size

      536KB

    • MD5

      7ca6c18f788399f6e7f8634a47873b99

    • SHA1

      cf6fcfaa0c7f57f019e15e81b3c85e7a071b0d91

    • SHA256

      a228f2a0cf4ef0dd4b891b67731dc5ed662c391ee738dafa4fe729e0891d30ae

    • SHA512

      c4ae9d65afb6af18d33f76128e348c337b40a74799d9d6a8f548e6c21779506090ec24a33d70f61e905f7c25155ebffd1e33b0c160c25a241c8ccebf98a68ed9

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks