General

  • Target

    a7b3a8a01466789c161980cfa2451b37.dll

  • Size

    534KB

  • Sample

    220708-nmpsdscagr

  • MD5

    a7b3a8a01466789c161980cfa2451b37

  • SHA1

    038334057d60e55c0b284d91927a06c124f743e4

  • SHA256

    1e26bf4e8b63935ea890900c03b64d4d5762f99e9bb6899a541ec10785a587a3

  • SHA512

    4fcc94fa42c28665495b64c31a89feea5548e473b35762271ff9a13bfca3e895e7ba12e1cc085a7ddcf5118f9231f4fe9cc20d05ca47b245d0a3fd57d9877837

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    227378761

  • C2

    blionarywesta.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks