General

  • Target

    27e21881baa9d1dd6b89e91666731a25.dll

  • Size

    675KB

  • Sample

    220710-m4jr2adff8

  • MD5

    27e21881baa9d1dd6b89e91666731a25

  • SHA1

    bc60070073ada623c93049b401778b637b54db1e

  • SHA256

    e9361c617b97660169f184cad0dbb529a0ff6c3b875c025da41acd3b8f140002

  • SHA512

    bc4dbd09fc0a3fe73d21ddc1d5510e6255f2eeda39d81bdf4f46e6f5cfd25a5a551b82a2cd0cc324bb52f9ac62bbf0b48fbf6ae656f4a3f0e9f4c33b6a1ed87d

Malware Config

Extracted

Family

icedid

Campaign

1060798742

C2

carismorth.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks