General

  • Target: at5nom.dll
  • Size: 62KB
  • Sample: 220719-xpjtlahhaj
  • MD5: fe9acde48f116039bdd9731886ef8afb
  • SHA1: 8bc9800520d648e0a3e079b5750a250934096e26
  • SHA256: 7e7c75ae21780cac1c5dfa04db006526d261b89e21fcbf2f59d0378e91ea4ef0
  • SHA512: b01d800fb2f8cfaeb5a750af5808b9a00e71515fa6f1c6735c91c6ad5375a5ba347187bc3ccc72e2900a364bc5575f7a023096ddb1c52791506c1e78d7ce4f39

Malware Config

Extracted

  • Family: icedid
  • Campaign: 1211797313
  • C2: alldogsedag.com

Targets


  • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
  • Blocklisted process makes network request
