General

  • Target

    a6740ee62e888e60a053a288bab579c0.dll

  • Size

    534KB

  • Sample

    220708-tf8vkshabr

  • MD5

    a6740ee62e888e60a053a288bab579c0

  • SHA1

    b13d50a09376d1e0a18d3e262bf75de1ab25e398

  • SHA256

    bf7f21fd5cc6b3a679094a421d8c84e8cebdc6da0cba5464c85b38f21ee9e832

  • SHA512

    764eaf5157e4dd41e334e79ab12009804009530b867aabd0e7d73eb9115415af0a6f97bdd27324452d4ce5cafbb61fbee90004f9c8e5fa348c6a945f1de79785

Malware Config

  • Extracted

  • Family

    icedid

  • Campaign

    227378761

  • C2

    blionarywesta.com

Targets

    • Target

      a6740ee62e888e60a053a288bab579c0.dll

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request
