General

  • Target

    43bc947bd8849f8f4b0d0626b88eea7e.dll

  • Size

    671KB

  • Sample

    220710-mm8d3abaek

  • MD5

    43bc947bd8849f8f4b0d0626b88eea7e

  • SHA1

    5cccc29cdad921c2a755c856922d61ab5dbee966

  • SHA256

    4c9abe0afdebd672666be2be89e7525fee09f58628f5568afd1212e978fa0d20

  • SHA512

    6c06c8a97159fd7ba58090ed5324d4f379ba2b062ecb07906f027d20074a1b607acdff48187b0d68f6422213b37c38bb9a772d7805711b931d92be8d6a6245ff

Malware Config

Extracted

Family

icedid

Campaign

1060798742

C2

carismorth.com
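
The campaign ID and C2 above are what a sandbox recovers from the loader's encrypted configuration. The script below is an added example, not code from this report or from the IcedID authors; it follows the record layout that public extractors document for the IcedID first-stage loader: a 32-byte XOR key and 32 bytes of ciphertext whose plaintext is a little-endian uint32 campaign ID followed by a NUL-terminated C2 hostname. The offsets of the key and ciphertext vary between builds, so they are parameters here (assumed adjacent in the scan). The blob it decodes is constructed to reproduce the values in this report; it is not bytes taken from the sample.

```python
from __future__ import annotations

import re
import struct
from typing import Optional

KEY_SIZE = 32  # XOR key length in the loader builds this layout follows
CFG_SIZE = 32  # encrypted config record length
# A plausible C2 hostname: ASCII labels with at least one dot.
HOST_RE = re.compile(rb"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def decode_config(data: bytes, key_off: int = 0, cfg_off: int = KEY_SIZE) -> tuple[int, str]:
    """Decrypt one config record and return (campaign_id, c2_host).

    key_off/cfg_off locate the 32-byte key and the 32-byte ciphertext inside
    `data`. They are adjacent in the constructed sample below; real builds put
    them at build-specific offsets, so the caller chooses.
    """
    key = data[key_off:key_off + KEY_SIZE]
    enc = data[cfg_off:cfg_off + CFG_SIZE]
    if len(key) != KEY_SIZE or len(enc) != CFG_SIZE:
        raise ValueError("buffer too short for key + config")
    dec = bytes(c ^ k for c, k in zip(enc, key))
    (campaign_id,) = struct.unpack_from("<I", dec, 0)
    host = dec[4:].split(b"\x00", 1)[0]
    # A wrong key or offset yields non-ASCII garbage; reject it rather than
    # report a bogus C2 indicator.
    if not HOST_RE.fullmatch(host):
        raise ValueError("decoded C2 is not a plausible hostname")
    return campaign_id, host.decode("ascii")


def encode_config(campaign_id: int, c2_host: str, key: bytes) -> bytes:
    """Inverse of decode_config; used here only to construct the sample blob."""
    plain = struct.pack("<I", campaign_id) + c2_host.encode("ascii")
    if len(plain) > CFG_SIZE:
        raise ValueError("hostname too long for a 32-byte record")
    plain = plain.ljust(CFG_SIZE, b"\x00")
    return key + bytes(p ^ k for p, k in zip(plain, key))


def find_config(data: bytes) -> Optional[tuple[int, str]]:
    """Scan a buffer (a dumped PE section or resource) for an adjacent key+config pair."""
    for off in range(0, len(data) - (KEY_SIZE + CFG_SIZE) + 1):
        try:
            return decode_config(data, off, off + KEY_SIZE)
        except ValueError:
            continue
    return None


# Constructed sample: a throwaway key plus the campaign ID and C2 from this report.
SAMPLE_KEY = bytes(range(0x5A, 0x5A + KEY_SIZE))
SAMPLE_BLOB = encode_config(1060798742, "carismorth.com", SAMPLE_KEY)
# Padded with filler bytes so find_config has to locate the record itself.
SAMPLE_SECTION = b"\xff" * 16 + SAMPLE_BLOB + b"\xff" * 16


if __name__ == "__main__":
    cid, host = decode_config(SAMPLE_BLOB)
    print(f"campaign_id={cid} c2={host}")
    print(find_config(SAMPLE_SECTION))
```

The hostname check is what makes the brute-force scan usable on a real dump: without it, every offset decodes to something, and the first garbage record would be reported as a C2. When a build stores the key and ciphertext at different offsets, call `decode_config` with those offsets directly instead of scanning.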

Targets

    • Target

      43bc947bd8849f8f4b0d0626b88eea7e.dll

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a modular banking trojan that steals credentials, for example through browser web injects, and is also used as a loader for follow-on payloads.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      Emerging Threats rule that fires on the loader's HTTP check-in to its C2, an outbound GET request that carries the bot's encoded host fingerprint in the Cookie header.

    • Blocklisted process makes network request

Tasks