General

  • Target

    5d283c8dc6281bd2717760614df917c1.dll

  • Size

    110KB

  • Sample

    220723-jzd47sdah6

  • MD5

    5d283c8dc6281bd2717760614df917c1

  • SHA1

    300d151d2f4f30a92bdb923ef9fb3c07e8407f52

  • SHA256

    25533b670fae7fb0f632bcbd142d55242a30f0151e0225abb0214d3f432e639d

  • SHA512

    73827d026c62e17422fb34fc4bf22eef692045995d59dccfe0587884412e7e7789465ae078ff74805acbb9e9bc80fb1f9c6f75213b80aa0d65ac878d8489f672

Malware Config

Extracted

Family

icedid

Campaign

244156380

C2

garbagewellduno.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks