General

  • Target

    pt5tal.dll

  • Size

    107KB

  • Sample

    220719-lzdvjsbcf2

  • MD5

    47ab1d050ae1470d89606e0890d4c2ee

  • SHA1

    fb946023b84349e83aa0360183aaa492e0718602

  • SHA256

    61dd6e85f62c82940afed1a8981169c8c8c19fec155588d42faf5785667816da

  • SHA512

    e3d67a438f8a65547a5eadb19b1d92d1842a57bea06631fe40a1cf1edc9f494fa9701660f4a8d9cb3512480f15bb481f1a78c5174cdbabe8dcbaf488030c64c2

Malware Config

Extracted

Family

icedid

Campaign

1195019694

C2

garbagewellduno.com

Targets

    • Target

      pt5tal.dll

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks