General

  • Target: b4ramo.dll
  • Size: 179KB
  • Sample: 220720-s31l2shef8
  • MD5: ceca6e5bf97cd7f3511764ed1d180702
  • SHA1: 72324eebf9f558933a14e0613abfd2b48dc06590
  • SHA256: 77c3de1c2a5ced907159777ff648c2a1f3c4bdb8b6a9fbc9d06c76d8e6cb2c8d
  • SHA512: 968b05564d8aa85c7dba43c33fe7f1ec07629d012aa1b5b339744bf99a4e31ab0ff5eb78b3dc7315f91bd5b361482b2073b820b79f0568b7a226744f909eb61a

Malware Config

Extracted

  • Family: icedid
  • Campaign: 4182822218
  • C2: explorblins.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks