General

  • Target

    a81cef1280b3314645bac54074fe0ece.dll

  • Size

    534KB

  • Sample

    220708-pffrksedg8

  • MD5

    a81cef1280b3314645bac54074fe0ece

  • SHA1

    ae483f6dbbac9d7f510899a13919b4c571e3c298

  • SHA256

    ac99a2a3f829ab24a91d830fa8e1b2cfc869587d11f3b2b79f11ae4bf23e43b2

  • SHA512

    3620003143468abab82dd2741197b4edefc0c5b0c51cd7d69ded916c8f311535f6f0e7311f17627f298c5d2ef7f821d46b56f32c1bc87b4c960d7292840a2c5e

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    227378761

  • C2

    blionarywesta.com

Targets

    • Target

      a81cef1280b3314645bac54074fe0ece.dll

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request
