General

  • Target

    535cf81ef13340cd5963851a6eaafb79.dll

  • Size

    110KB

  • Sample

    220723-pffrksedd3

  • MD5

    535cf81ef13340cd5963851a6eaafb79

  • SHA1

    683ce9eba81c68febefd5ccd3eb48efcaadcc1ab

  • SHA256

    cd1c5d1f2e772c5c89a81c60a2ff9244e0e42bfcd02a56881019ac9dd653bf92

  • SHA512

    69f6ad1dffba6ca1a2b6241ced98cadd6a4c9ec75d559a9d2e46f2a375a64c452384d2243dc41f3cb1ce044e7a63e4ae59bd9cddc829fac67ae28389dfedc3fe

Malware Config

Extracted

Family

icedid

Campaign

244156380

C2

garbagewellduno.com

Targets

    • Target

      535cf81ef13340cd5963851a6eaafb79.dll

    • Size

      110KB

    • MD5

      535cf81ef13340cd5963851a6eaafb79

    • SHA1

      683ce9eba81c68febefd5ccd3eb48efcaadcc1ab

    • SHA256

      cd1c5d1f2e772c5c89a81c60a2ff9244e0e42bfcd02a56881019ac9dd653bf92

    • SHA512

      69f6ad1dffba6ca1a2b6241ced98cadd6a4c9ec75d559a9d2e46f2a375a64c452384d2243dc41f3cb1ce044e7a63e4ae59bd9cddc829fac67ae28389dfedc3fe

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks