General

  • Target: e21f7bb60429f3a01b42b1fecd10217b.dll
  • Size: 536KB
  • Sample: 220708-mkc55sdgf2
  • MD5: e21f7bb60429f3a01b42b1fecd10217b
  • SHA1: b61570bd184a3aeadd27e0b6dab574431113ee27
  • SHA256: 683e585907e12f5960d5f25429f36f89b39eaf2ba598cab481e7efc46a9372f2
  • SHA512: d3383e5d533a9d96ddd894d1e950b7bf3d7b0a2f2a16b5aded823462381dfd164333a9666985a5992337fd2f96f08338f39441b4800f7a9ea7fea165412ef35a

Malware Config

Extracted

  • Family: icedid
  • Campaign: 227378761
  • C2: blionarywesta.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks