General

  • Target

    b4ramo.dll

  • Size

    174KB

  • Sample

    220722-bkat8sbgck

  • MD5

    dc67e3902cc58984f09d70455eb8453a

  • SHA1

    3b3f718c26cf1eabee1dd7ba184bdf00faa6d539

  • SHA256

    2506828b3cafa17efe3342a99fec0d6ba4afd79e6ce8a50cdd7e022133ac799d

  • SHA512

    bcaf5eb46cacd868b8a087a1d22eccb7c344244042584341bbc1b00a1e31bedb04fe509054eddd7d405000cfb223c8daaa71adfc57ede86ddebb99b782f32765

Malware Config

Extracted

Family

icedid

Campaign

4182822218

C2

explorblins.com

Targets

    • Target

      b4ramo.dll
    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request