General

  • Target

    16afd901ebf7c0285c8bc26f0188a932.dll

  • Size

    534KB

  • Sample

    220708-t38hbscfe2

  • MD5

    16afd901ebf7c0285c8bc26f0188a932

  • SHA1

    d9f2930247c13e0edfbfd7567e91c92a3a204b9c

  • SHA256

    b2dcfa75a3fd85aea132f787e5f97881806623a5cdaf763d7163e85166850e66

  • SHA512

    c191fd39aa68c075149a4fd97f4c72dae02ae9854fc5fb1a97084fb36312bf3d24c5f612f202c25a8866a38bdc5c14ecbbc27f72a084621c426ad5ea20b41533

Malware Config

Extracted

Family

icedid

Campaign

227378761

C2

blionarywesta.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks