General

  • Target

    e47371b98ede7e2f6997204ae4aad108.dll

  • Size

    534KB

  • Sample

    220708-lba4rabagr

  • MD5

    e47371b98ede7e2f6997204ae4aad108

  • SHA1

    d4df8aac94a0f95ea758170cf7f312d44d2e46f9

  • SHA256

    1b094b78519b85673dcb4599891f9bff79e1dc4395904f097f9d5927af04d12f

  • SHA512

    7010093c2b6b816ee96a0f97e7a8250c43963e905aa59a4b873ba49f89ddd71b70011b6e84cf44bc395c418d62a704d0c52705d2c87f0e8d47222054bb915619

Malware Config

Extracted

Family

icedid

Campaign

227378761

C2

blionarywesta.com

Targets

    • Target

      e47371b98ede7e2f6997204ae4aad108.dll

    • Size

      534KB

    • MD5

      e47371b98ede7e2f6997204ae4aad108

    • SHA1

      d4df8aac94a0f95ea758170cf7f312d44d2e46f9

    • SHA256

      1b094b78519b85673dcb4599891f9bff79e1dc4395904f097f9d5927af04d12f

    • SHA512

      7010093c2b6b816ee96a0f97e7a8250c43963e905aa59a4b873ba49f89ddd71b70011b6e84cf44bc395c418d62a704d0c52705d2c87f0e8d47222054bb915619

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks