General

  • Target

    1f3235531b0b7ef5191182243604c684.dll

  • Size

    107KB

  • Sample

    220723-we5smsgahk

  • MD5

    1f3235531b0b7ef5191182243604c684

  • SHA1

    16215e638e88b0d3f68182f9aa4397b22ab2584d

  • SHA256

    5ad1e7d6e7a6d98fc74c1193e2a509ab016e15d25d06e72f2bdd15a07797460c

  • SHA512

    a228bfb388a1a47de264dbd7c17e5532a0677b5f08b607784e7f25a3bae4e9578fe16c9b29f85107eb1cec43675c66887720ce8a91e08367bb6b7ee1c6c3cdb8

Malware Config

Extracted

Family

icedid

Campaign

1195019694

C2

garbagewellduno.com

Targets

    • Target

      1f3235531b0b7ef5191182243604c684.dll

    • Size

      107KB

    • MD5

      1f3235531b0b7ef5191182243604c684

    • SHA1

      16215e638e88b0d3f68182f9aa4397b22ab2584d

    • SHA256

      5ad1e7d6e7a6d98fc74c1193e2a509ab016e15d25d06e72f2bdd15a07797460c

    • SHA512

      a228bfb388a1a47de264dbd7c17e5532a0677b5f08b607784e7f25a3bae4e9578fe16c9b29f85107eb1cec43675c66887720ce8a91e08367bb6b7ee1c6c3cdb8

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request
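
The hashes and the extracted C2 domain are the indicators a responder would sweep for after reading this report. The following is an added example, not part of the sandbox report or of any tooling it references: it recomputes the report's four digests over a file's bytes to confirm an on-disk copy is the sampled DLL, and scans DNS/proxy log lines for the C2 domain and its subdomains. The log lines are constructed for the example; the hostname regex and log layout are assumptions, not a format the report describes.

```python
import hashlib
import re

# Indicators copied from the sandbox report above.
REPORT_HASHES = {
    "md5": "1f3235531b0b7ef5191182243604c684",
    "sha1": "16215e638e88b0d3f68182f9aa4397b22ab2584d",
    "sha256": "5ad1e7d6e7a6d98fc74c1193e2a509ab016e15d25d06e72f2bdd15a07797460c",
    "sha512": "a228bfb388a1a47de264dbd7c17e5532a0677b5f08b607784e7f25a3bae4e9578fe16c9b29f85107eb1cec43675c66887720ce8a91e08367bb6b7ee1c6c3cdb8",
}
REPORT_C2_DOMAINS = {"garbagewellduno.com"}


def file_hashes(data):
    """Compute the same four digests the report lists, over a file's bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def hash_matches(data):
    """Return the set of algorithms whose digest of `data` equals the report's value.

    A non-empty result means `data` is the sampled DLL; an empty set on a file
    that looks related simply means it is a different build, not a clean file.
    """
    digests = file_hashes(data)
    return {algo for algo, expected in REPORT_HASHES.items() if digests[algo] == expected}


def domain_is_ioc(domain):
    """Exact or subdomain match against the extracted C2, case-insensitive.

    A trailing dot (the fully qualified form DNS logs often record) is ignored,
    and 'notgarbagewellduno.com' is deliberately NOT treated as a match.
    """
    d = domain.lower().rstrip(".")
    return any(d == ioc or d.endswith("." + ioc) for ioc in REPORT_C2_DOMAINS)


# Assumed, loose hostname pattern: enough to pull domains out of DNS and proxy
# log lines. Dotted IPv4 addresses do not match because the last label must be
# alphabetic.
_DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def scan_log_lines(lines):
    """Return (line_number, domain) for every line that references the C2 domain."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for candidate in _DOMAIN_RE.findall(line):
            if domain_is_ioc(candidate):
                hits.append((number, candidate.lower().rstrip(".")))
                break  # one hit per line is enough for triage
    return hits


# Constructed DNS/proxy log lines for demonstration; not taken from the report.
SAMPLE_LOG = [
    "2022-07-23T10:14:58Z dns client=10.0.0.5 query=update.microsoft.com. type=A",
    "2022-07-23T10:15:02Z dns client=10.0.0.5 query=garbagewellduno.com. type=A",
    "2022-07-23T10:15:03Z proxy client=10.0.0.5 GET http://notgarbagewellduno.com/ 200",
    "2022-07-23T10:15:04Z proxy client=10.0.0.5 GET http://garbagewellduno.com/ 200",
]

if __name__ == "__main__":
    # Replace this with open(path, "rb").read() on a suspect DLL.
    print("hash match:", hash_matches(b"not the sampled dll"))
    for number, domain in scan_log_lines(SAMPLE_LOG):
        print("C2 contact on line {}: {}".format(number, domain))
```

Match on any one of the four hashes is sufficient to identify the file; comparing all four only matters when a collector recorded a different algorithm than the one you have on hand. For the domain sweep, the subdomain check matters because IcedID infrastructure is commonly observed behind hosts under the configured domain rather than at the apex alone.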

MITRE ATT&CK Matrix

Tasks