General

  • Target

    IcedID.bin

  • Size

    96KB

  • Sample

    220724-f92rgaghdm

  • MD5

    031254f8b94c0dfd64cb0afdbee8a9f8

  • SHA1

    9be935e0f3f8d32438088750df5498b4bddb8d35

  • SHA256

    c9b9ecc7163cca30fe80fe22c40a4625aacd42a0400e485aae318105c4e8d805

  • SHA512

    7e92809f582d2c0202858f0a2f80e393b6d752b017fdcf9e755e76086befac3dfabc63a5f0a9856323c9eefd78e5ca22a2465af0812603127c79a2d52719eab7

Malware Config

Extracted

Family

icedid

Campaign

2937671378

C2

cootembrast.com

Targets

    • Target

      IcedID.bin

    • Size

      96KB

    • MD5

      031254f8b94c0dfd64cb0afdbee8a9f8

    • SHA1

      9be935e0f3f8d32438088750df5498b4bddb8d35

    • SHA256

      c9b9ecc7163cca30fe80fe22c40a4625aacd42a0400e485aae318105c4e8d805

    • SHA512

      7e92809f582d2c0202858f0a2f80e393b6d752b017fdcf9e755e76086befac3dfabc63a5f0a9856323c9eefd78e5ca22a2465af0812603127c79a2d52719eab7

    • IcedID, BokBot

      IcedID, also tracked as BokBot, is a modular banking trojan that steals credentials and also acts as a loader for follow-on payloads.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request
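
Turning the extracted config and the Suricata hit above into a check an analyst can run offline, as an added example that is not part of this report or of any sandbox tooling: it hashes a candidate file against the SHA256 listed above, and it classifies raw HTTP requests by whether the Host matches the extracted C2 (cootembrast.com) and whether the Cookie header carries the full set of cookie names that public IcedID analyses describe for the loader's first check-in (the behaviour the ET "Request Cookie" rule keys on). The cookie names, the request samples and the function names are assumptions constructed for the example, not data taken from this page.

```python
import hashlib

# IOCs copied from this report.
REPORT_SHA256 = "c9b9ecc7163cca30fe80fe22c40a4625aacd42a0400e485aae318105c4e8d805"
C2_DOMAIN = "cootembrast.com"

# ASSUMPTION: the cookie names public IcedID write-ups report for the loader's
# first HTTP check-in. They are not stated on this page; adjust to your own
# reversing or to the Suricata rule you deploy.
ICEDID_COOKIE_NAMES = ("__gads", "_gat", "_ga", "_u", "__io", "_gid")


def hash_matches_report(data: bytes) -> bool:
    """True if the given file contents are the sample this report describes."""
    return hashlib.sha256(data).hexdigest() == REPORT_SHA256


def parse_request(raw: str):
    """Split a raw HTTP/1.x request head into (method, path, headers).

    Header names are lower-cased; only the head before the blank line is read."""
    head, _, _ = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def cookie_names(cookie_header: str):
    """Return the cookie names present in a Cookie header, in order."""
    names = []
    for part in cookie_header.split(";"):
        name, _, _ = part.strip().partition("=")
        if name:
            names.append(name)
    return names


def classify_request(raw: str):
    """Return the list of reasons a request looks like IcedID C2 traffic.

    An empty list means nothing matched. Host is compared exactly against the
    extracted C2; the cookie check requires the complete set of names so that
    ordinary Google Analytics traffic (which legitimately carries _ga, _gid and
    _gat) is not flagged on its own."""
    _method, _path, headers = parse_request(raw)
    reasons = []
    host = headers.get("host", "").split(":")[0].strip().lower()
    if host == C2_DOMAIN:
        reasons.append("host matches extracted C2")
    present = cookie_names(headers.get("cookie", ""))
    if all(name in present for name in ICEDID_COOKIE_NAMES):
        reasons.append("cookie set matches IcedID beacon pattern")
    return reasons


# Constructed sample traffic for the example (not captured from the sample).
BEACON_REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Host: cootembrast.com\r\n"
    "Cookie: __gads=1234567890:1:16:1234; _gat=1.2.3.4; _ga=1.2.3; "
    "_u=414243; __io=0; _gid=00aabbccddee\r\n"
    "\r\n"
)
BENIGN_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "Cookie: session=abc; _ga=GA1.2.1234; _gid=GA1.2.5678\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, req in (("beacon", BEACON_REQUEST), ("benign", BENIGN_REQUEST)):
        print(label, classify_request(req) or "no match")
    print("hash match on dummy bytes:", hash_matches_report(b"not the sample"))
```

Run it with the real file contents passed to hash_matches_report to confirm you are looking at the same binary as this report, and feed request heads carved from a pcap to classify_request; a Host match alone is the strongest signal, since the domain came straight out of the decoded config, while the cookie pattern is the generic behaviour the Suricata signature fires on.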

MITRE ATT&CK Matrix

Tasks