General

  • Target

    a3326e22e15e1f2663516f58a09387a6.dll

  • Size

    534KB

  • Sample

    220708-qhsdtsegh4

  • MD5

    a3326e22e15e1f2663516f58a09387a6

  • SHA1

    b4745de7cb323adc25f6ff12be2c063a1f173c5d

  • SHA256

    861794d4d2ffb50b10fcd29f864b2c8b7da5e82d0626e5bf83f2db0bce74c7ce

  • SHA512

    b01474cf6017a8a57b1230b6dee9843fc9a2b602ae497fb3c1ef50d97a16aeb82fc7fb2af81247637ea9cd9b714ae736fad67cd74f7e008e1831a30fac5e338e

Malware Config

Extracted

Family

icedid

Campaign

227378761

C2

blionarywesta.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks