General

  • Target

    0d90904c2f8cfd2d8aa5401c3eba4f2f.dll

  • Size

    534KB

  • Sample

    220708-q2y1qafah5

  • MD5

    0d90904c2f8cfd2d8aa5401c3eba4f2f

  • SHA1

    fa1e69c1522c47c733217cb8d643618a18e2ce6e

  • SHA256

    8ed47e372bf804029a1106b75d2ff84c2d04deb4042e2d46f0c1df5ab05940c4

  • SHA512

    e83c63e0962097ec04c7e6473b100d1bb160fa858e58ee589182497f8fb3035ed7691f30e8d0e7ee6822071c3e177918fb0414df101b90d5a726a037a39dd999

Malware Config

Extracted

Family

icedid

Campaign

227378761

C2

blionarywesta.com

Targets

    • Target

      0d90904c2f8cfd2d8aa5401c3eba4f2f.dll

    • Size

      534KB

    • MD5

      0d90904c2f8cfd2d8aa5401c3eba4f2f

    • SHA1

      fa1e69c1522c47c733217cb8d643618a18e2ce6e

    • SHA256

      8ed47e372bf804029a1106b75d2ff84c2d04deb4042e2d46f0c1df5ab05940c4

    • SHA512

      e83c63e0962097ec04c7e6473b100d1bb160fa858e58ee589182497f8fb3035ed7691f30e8d0e7ee6822071c3e177918fb0414df101b90d5a726a037a39dd999

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request
