General

  • Target

    pg5rto.dll

  • Size

    96KB

  • Sample

    220719-wvnjasggcq

  • MD5

    618f77ebe233caab910612906057982a

  • SHA1

    741f3549922fd1e599885b4ea23626a77b7902a1

  • SHA256

    6c3c1aa620cf803511bc190114abd0bf54a974f29ead93c5cf7d077734385c23

  • SHA512

    1f783c46f4a28727c5383680474d8dbe38dd8a93329c2ae72f0389d76dcf1f828562a24ac9f4f4cef032cdbab066f96a2b08ae1e462efd63690f3b6ef5db87aa

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2937671378

  • C2

    cootembrast.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request