General

  • Target

    am1lo4.dll

  • Size

    147KB

  • Sample

    220719-xeqt6ahcdm

  • MD5

    3398d97c94352cb567d9344e78bfc735

  • SHA1

    3254925274067db862e135606a7c11b2c95b5160

  • SHA256

    8ea96c85a987b4540a1652dd0691510e837397845dd1743e0ad1bf5b9e4833ee

  • SHA512

    1271f6e7000c319714b2142e23a64b40d3c24451e8e9cacb38d8b7b081f4912ce69364229be9d195d2b3dd5021e706e0f18c086e8ae27435933c4886bb655dd7

Malware Config

Extracted

Family

icedid

Campaign

1094353980

C2

aftersunicox.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request