General

  • Target

    0ba64b712ab7f291630e213f19ed1e0edab924b24bcb3be4090195c6824f3996

  • Size

    56KB

  • Sample

    220718-nw1agscaa7

  • MD5

    ba30ea6477c7a8bcb33435cf98145dac

  • SHA1

    ca8f583daa6dc34d0f4fd597a79f7c11b2d69cdd

  • SHA256

    0ba64b712ab7f291630e213f19ed1e0edab924b24bcb3be4090195c6824f3996

  • SHA512

    e086f5bfd73f0f6ac24d58e91563b29992b543ed3c829dc2f9904f91bcacc0e9a0f170881fe35fb42437e7ef4002320f638fc692f2bcc3f05d6beb0e44642b0f

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    294489237

  • C2

    alldogsedag.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request
