General

  • Target

    0db54b1949ac0c5962461f8b7fad2031.dll

  • Size

    110KB

  • Sample

    220723-d8rh1acacm

  • MD5

    0db54b1949ac0c5962461f8b7fad2031

  • SHA1

    e9d90b3f9906407913c05f3d6dabe73bac687b46

  • SHA256

    3f41641d953c3f398dd670309c98ae06aa4afc935b65b71946d06db081291ea8

  • SHA512

    be50775e71f1621d956342e53083dce5135df30025bb0446da6019a9f492561434a322b07d25524b8d4ffe2fc647aa88ae1b9057a8d7d249951a04423eb165b8

Malware Config

Extracted

Family

icedid

Campaign

244156380

C2

garbagewellduno.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks