General

  • Target

    4cd59e96e0a83fa60787a9452eb69a72.dll

  • Size

    534KB

  • Sample

    220708-m7d1ysead5

  • MD5

    4cd59e96e0a83fa60787a9452eb69a72

  • SHA1

    0b0ae313700eae7f9c6a65a181454fb52870946c

  • SHA256

    26b408e3bb2f687b2aea80605ab97839364e6465897edc9082c31a032d810771

  • SHA512

    59b62a7a458a8c36775d55531b4aece8c7be0c1a7b570040afe81a1d4957be2356114de7f7c1b4c9f6ec3d5264ca3273e4d03ab8de614f9b32dc7006ff1c5b1d

Malware Config

Extracted

Family

icedid

Campaign

227378761

C2

blionarywesta.com
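The extracted configuration above gives two things a responder can act on immediately: the file digests of the dropped DLL and the C2 domain. The following Python is an added example (not part of the sandbox output or the report) that checks a candidate file's digests against the reported values, all of which must agree because they were computed from one artifact, and scans proxy-style log lines for the C2 domain with a label-aware suffix match so that `cdn.blionarywesta.com` is flagged but `notblionarywesta.com` is not. The hash values and domain are copied from this page; the file bytes and the log format and lines are constructed for the demonstration.

```python
"""IOC triage helpers for the indicators listed in this report.

Added example, not the sandbox's own code. The digests and C2 domain are taken
from the report; the sample bytes and proxy log lines are constructed here.
"""
import hashlib
import re

# Digests reported for 4cd59e96e0a83fa60787a9452eb69a72.dll.
REPORTED_HASHES = {
    "md5": "4cd59e96e0a83fa60787a9452eb69a72",
    "sha1": "0b0ae313700eae7f9c6a65a181454fb52870946c",
    "sha256": "26b408e3bb2f687b2aea80605ab97839364e6465897edc9082c31a032d810771",
}

# C2 domain from the extracted IcedID configuration.
C2_DOMAINS = {"blionarywesta.com"}


def hash_bytes(data: bytes) -> dict:
    """Compute the digest set the report lists for a blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_reported_sample(data: bytes) -> bool:
    """True only if every reported digest matches.

    A single disagreeing digest means a different file (or a typo in the
    indicator), so partial matches are deliberately treated as no match.
    """
    computed = hash_bytes(data)
    return all(computed[algo] == digest for algo, digest in REPORTED_HASHES.items())


def domain_matches(host: str, blocklist: set) -> bool:
    """Label-aware suffix match against a domain blocklist.

    Normalises case and a trailing dot, then matches the exact domain or any
    subdomain of it. Plain endswith() would wrongly flag notblionarywesta.com.
    """
    host = host.lower().rstrip(".")
    return any(host == bad or host.endswith("." + bad) for bad in blocklist)


# Constructed proxy log format (assumption): "<timestamp> <src_ip> <method> <host> <path> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")


def find_c2_hits(log_lines, blocklist=C2_DOMAINS):
    """Return one record per request whose host matches the C2 blocklist."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the constructed format
        ts, src, _method, host, path, _status = m.groups()
        if domain_matches(host, blocklist):
            hits.append({"ts": ts, "src": src, "host": host, "path": path})
    return hits


# Constructed sample log lines for the demonstration.
SAMPLE_LOG = [
    "2022-07-08T10:15:01Z 10.0.0.5 GET blionarywesta.com / 200",
    "2022-07-08T10:15:02Z 10.0.0.5 GET notblionarywesta.com /a 200",
    "2022-07-08T10:15:03Z 10.0.0.7 GET cdn.BLIONARYWESTA.com. /b 200",
    "2022-07-08T10:15:04Z 10.0.0.8 GET example.com /c 200",
    "malformed line that should be skipped",
]


if __name__ == "__main__":
    # Constructed bytes standing in for a file under triage; they are not the sample.
    candidate = b"not the reported DLL"
    print("digests match report:", matches_reported_sample(candidate))
    for hit in find_c2_hits(SAMPLE_LOG):
        print("C2 contact:", hit)
```

The hash check is the first thing to run on any DLL recovered from an endpoint before spending analyst time on it; the log scan is the same suffix logic a DNS or proxy blocklist should apply, and the constructed `notblionarywesta.com` line is there to show why a naive substring match is the wrong tool.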

Targets

    • Target

      4cd59e96e0a83fa60787a9452eb69a72.dll

    • Size

      534KB

    • MD5

      4cd59e96e0a83fa60787a9452eb69a72

    • SHA1

      0b0ae313700eae7f9c6a65a181454fb52870946c

    • SHA256

      26b408e3bb2f687b2aea80605ab97839364e6465897edc9082c31a032d810771

    • SHA512

      59b62a7a458a8c36775d55531b4aece8c7be0c1a7b570040afe81a1d4957be2356114de7f7c1b4c9f6ec3d5264ca3273e4d03ab8de614f9b32dc7006ff1c5b1d

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a modular banking trojan that steals credentials and is commonly used as a loader for follow-on payloads.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      Network signature alerting on the HTTP request cookie pattern used by IcedID C2 traffic.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks