General

  • Target

    9c0f8c4cf574c24e616b0cf2281f9d7a.dll

  • Size

    534KB

  • Sample

    220708-rvpddagac2

  • MD5

    9c0f8c4cf574c24e616b0cf2281f9d7a

  • SHA1

    16ca3715ee00aa814a7af1971dbe75e481a93e46

  • SHA256

    372a4b6ae0d12f245a76c78288e338ae32acb08347167b319dad7ce40e171435

  • SHA512

    4dca15b1628f8c4d8a3b71a9557ee8270da8993d788489ff06ee895904b2feec4145a5b9a3f85faacaa4428650901e18684f123ce1098938114fab5ae8fa805f

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    227378761

  • C2

    blionarywesta.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks