General

  • Target

    soaQ2v1G.dll

  • Size

    59KB

  • Sample

    220722-wpl4aaghe4

  • MD5

    6e9c3f73b2baa8bb5058305bbfb8db6c

  • SHA1

    c67b68454b1b391c1f2b58dad817134ec5c0aeca

  • SHA256

    4739101e48410b4287d2e8cf4e5b208395d922e710be71f39437d379497ebc1d

  • SHA512

    f38e22b2cad1d8120894907ffa124c164e710acdfee124aff80672fd3e8950b05051bde0176815ef001c19cf72b220c634c82d609ef22937c6378ab18f13b9b5

Malware Config

Extracted

Family

icedid

Campaign

277711618

C2

bransfortrionaf.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks