General

  • Target

    e497b1492d53bda1e1d792c8d8a6ab33.dll

  • Size

    534KB

  • Sample

    220708-n6v4hseda8

  • MD5

    e497b1492d53bda1e1d792c8d8a6ab33

  • SHA1

    4496b3283b298087d31cd3a6e4f328afebc30fb1

  • SHA256

    baa01161b20d3c9355387b7fa6776f8f888a2fa66f078397a704d8f68c562fde

  • SHA512

    79c21bf17aaacde85e56f3e5a4c8e07086a7e3bafce876236672769b3b8aff6ee810c742dc7a106292bb451f2375c8f067b2a3d9215ba1a4cba6f730b79ce771

Malware Config

Extracted

Family

icedid

Campaign

227378761

C2

blionarywesta.com

Targets

    • Target

      e497b1492d53bda1e1d792c8d8a6ab33.dll

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a modular banking trojan that steals credentials and is widely used as a loader for follow-on payloads. The sample analysed here is a DLL, the usual form of the IcedID loader stage; the extracted config above gives its campaign ID and C2 domain.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      Emerging Threats rule that matched the sample's C2 check-in request, which carries the victim identifier in the HTTP Cookie header.

    • Blocklisted process makes network request
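The report only lists IOCs; the script below is an added example (not part of the sandbox report or the Triage platform) showing how a responder would operationalise them. It compares a file's hashes against the report's values, and scans proxy-style log lines for the extracted C2 domain and for the IcedID-style Cookie header that the Suricata rule above keys on. The cookie key names (__gads, _gat, _ga, _u, __io, _gid) come from public IcedID reporting, not from this page, and the log format and log lines are constructed for the example.

```python
import hashlib

# IOCs copied from the report above.
C2_DOMAIN = "blionarywesta.com"
REPORT_HASHES = {
    "md5": "e497b1492d53bda1e1d792c8d8a6ab33",
    "sha1": "4496b3283b298087d31cd3a6e4f328afebc30fb1",
    "sha256": "baa01161b20d3c9355387b7fa6776f8f888a2fa66f078397a704d8f68c562fde",
    "sha512": "79c21bf17aaacde85e56f3e5a4c8e07086a7e3bafce876236672769b3b8aff6ee810c742d"
              "c7a106292bb451f2375c8f067b2a3d9215ba1a4cba6f730b79ce771",
}

# Cookie keys used by the IcedID check-in request in public reporting.
# Assumption for this example; the report itself only names the Suricata rule.
ICEDID_COOKIE_KEYS = ("__gads", "_gat", "_ga", "_u", "__io", "_gid")
# Legitimate Google Analytics traffic also sets _ga/_gid, so require most of the set.
COOKIE_HIT_THRESHOLD = 4


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, so all four can be compared."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict:
    """Per-algorithm True/False against the report's hashes."""
    computed = hash_bytes(data)
    return {name: computed[name] == value for name, value in REPORT_HASHES.items()}


def icedid_cookie_score(cookie_header: str) -> int:
    """Count how many of the IcedID cookie keys appear in a Cookie header value."""
    keys = set()
    for part in cookie_header.split(";"):
        if "=" in part:
            keys.add(part.split("=", 1)[0].strip())
    return sum(1 for key in ICEDID_COOKIE_KEYS if key in keys)


def scan_http_log(lines) -> list:
    """Flag lines whose host is the C2 domain or whose Cookie looks like an IcedID check-in.

    Constructed log format: <timestamp> <src_ip> <host> "<cookie header value>"
    """
    hits = []
    for line in lines:
        try:
            ts, src, host, rest = line.split(" ", 3)
        except ValueError:
            continue  # malformed line; skip rather than crash the scan
        cookie = rest.strip().strip('"')
        reasons = []
        if host.lower() == C2_DOMAIN:
            reasons.append("c2_domain")
        if icedid_cookie_score(cookie) >= COOKIE_HIT_THRESHOLD:
            reasons.append("icedid_cookie")
        if reasons:
            hits.append({"ts": ts, "src": src, "host": host, "reasons": reasons})
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '2022-07-08T12:00:01Z 10.0.0.5 example.com "session=abc123"',
    '2022-07-08T12:00:02Z 10.0.0.7 blionarywesta.com '
    '"__gads=0000; _gat=1111; _ga=2222; _u=3333; __io=4444; _gid=5555"',
    '2022-07-08T12:00:03Z 10.0.0.9 cdn.example.net "_ga=2222; _gid=5555"',
]

if __name__ == "__main__":
    # A file on disk would be read with open(path, "rb"); here a placeholder is hashed.
    print(matches_report(b"not the sample"))
    for hit in scan_http_log(SAMPLE_LOG):
        print(hit)
```

The cookie check is scored rather than matched on a single key because _ga and _gid are ordinary Google Analytics cookies; only the near-complete set is characteristic of the check-in. Hash matching is the narrowest check, since a rebuilt loader changes every digest while the C2 domain and cookie pattern tend to survive longer.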
