General

  • Target: 31d974f0ca5257b64335f129876e983b.dll
  • Size: 107KB
  • Sample: 220723-xpevmsgea7
  • MD5: 31d974f0ca5257b64335f129876e983b
  • SHA1: fdcda2baf8b06b96d81ebff2307d9b120df73dfa
  • SHA256: 18056fcaf69f734efe01994b2e49b8c3de9ee74b432b892a287cee79205f0d62
  • SHA512: 38d643fb12c0a0dd3cfca5a6dd680cf9a86eb3940d791972088a93d3f4dec28201b5262f2aeeff539059377afc852e18d2411290a5fd156444e13d649ffc3fff

Malware Config

Extracted

  • Family: icedid
  • Campaign: 1195019694
  • C2: garbagewellduno.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks