General

  • Target

    99708826960a3034c6876675e18a4acbc6f08f422ddd2283d2ffd7b293b9a671

  • Size

    56KB

  • Sample

    220718-nqh41sbhd7

  • MD5

    1567909f8e45c8b13e18a66a0929f69f

  • SHA1

    46e0599ad6eeb6ad53d844cec4a29941f3f1149b

  • SHA256

    99708826960a3034c6876675e18a4acbc6f08f422ddd2283d2ffd7b293b9a671

  • SHA512

    e260ae04841bb534698169a2c431f7a982d8c466dcc52ad0d4ea2e6b2ca4a6590209719ce132d8f6ad931a1fb9794cf0825fabce8c974cdfad776eab3f0aaac7

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    294489237

  • C2

    alldogsedag.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request
