General

  • Target

    da8b0dfc72b00e8dbd27f4452720c529.dll

  • Size

    96KB

  • Sample

    220724-j55t4sbhcq

  • MD5

    da8b0dfc72b00e8dbd27f4452720c529

  • SHA1

    388f93417a9765053283a21f552ef8e8ef021fea

  • SHA256

    bfd2544f6cb03ada9421496069c9c523e61ba2c905fdbb718c2c8f63ff3c5167

  • SHA512

    557b651e0975c9b890d6010f58404b0c62e2775ea1c298ed62c500036fa2475fd4313a2f66ed4baa711cffd67750e25343b06469c30f9722cc1dc939c2336069

Malware Config

Extracted

Family

icedid

Campaign

2937671378

C2

cootembrast.com

Targets

    • Target

      da8b0dfc72b00e8dbd27f4452720c529.dll

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      Network traffic from the sample matched the Emerging Threats Suricata rule for the IcedID loader's HTTP check-in, which the rule identifies by the request's Cookie header.

    • Blocklisted process makes network request

    • Drops file in System32 directory
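    As an added example that is not part of this report, the following Python helper turns the indicators above into checks a responder can run: it verifies a file's digests against the values in the General section, sweeps proxy-log lines for the extracted C2 cootembrast.com (including subdomains and case or trailing-dot variants), and applies a heuristic for the loader check-in Cookie header that the listed Suricata signature is assumed to key on. The log line format, the sample log lines and the cookie key names (__gads, _gat, _ga, _u, __io, _gid) are my own constructions and assumptions, not content from the report or the rule text.

    ```python
    import hashlib
    import re
    from typing import Dict, List
    from urllib.parse import urlsplit

    # Indicators copied from this report (General and Malware Config sections).
    REPORT = {
        "md5": "da8b0dfc72b00e8dbd27f4452720c529",
        "sha1": "388f93417a9765053283a21f552ef8e8ef021fea",
        "sha256": "bfd2544f6cb03ada9421496069c9c523e61ba2c905fdbb718c2c8f63ff3c5167",
        "sha512": "557b651e0975c9b890d6010f58404b0c62e2775ea1c298ed62c500036fa2475f"
                  "d4313a2f66ed4baa711cffd67750e25343b06469c30f9722cc1dc939c2336069",
        "c2_domains": {"cootembrast.com"},
    }

    # Assumption, not stated in the report: the "IcedID Request Cookie" rule keys on the
    # loader check-in, whose Cookie header carries host fingerprint data under these
    # Google-Analytics-lookalike names.
    ICEDID_COOKIE_KEYS = {"__gads", "_gat", "_ga", "_u", "__io", "_gid"}
    DIGEST_NAMES = ("md5", "sha1", "sha256", "sha512")


    def _new_hashers() -> Dict[str, "hashlib._Hash"]:
        return {n: hashlib.new(n) for n in DIGEST_NAMES}


    def digest_bytes(data: bytes) -> Dict[str, str]:
        """Compute the four digests the report lists in one pass over the bytes."""
        hashers = _new_hashers()
        for h in hashers.values():
            h.update(data)
        return {n: h.hexdigest() for n, h in hashers.items()}


    def digest_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
        """Same digests, streamed from disk so a large sample need not fit in memory."""
        hashers = _new_hashers()
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(chunk), b""):
                for h in hashers.values():
                    h.update(block)
        return {n: h.hexdigest() for n, h in hashers.items()}


    def mismatched_digests(digests: Dict[str, str]) -> List[str]:
        """Names of the report digests that do NOT match; an empty list means this is the sample."""
        return [n for n in DIGEST_NAMES if digests.get(n, "").lower() != REPORT[n]]


    def host_matches_c2(host: str) -> bool:
        """True for the C2 domain or any subdomain of it, ignoring case and a trailing dot."""
        host = host.lower().rstrip(".")
        return any(host == d or host.endswith("." + d) for d in REPORT["c2_domains"])


    def looks_like_icedid_cookie(cookie_header: str) -> bool:
        """Heuristic: at least three cookie keys, and every key is one of the loader's names."""
        keys = {part.split("=", 1)[0].strip() for part in cookie_header.split(";") if "=" in part}
        return len(keys) >= 3 and keys <= ICEDID_COOKIE_KEYS


    # Constructed proxy-log layout: <timestamp> <src ip> <method> <url> <status> cookie="<header or ->"
    LOG_RE = re.compile(
        r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3}) cookie="(?P<cookie>[^"]*)"$'
    )


    def scan_proxy_log(lines: List[str]) -> List[Dict[str, str]]:
        """Flag lines whose destination is the C2 or whose Cookie header fits the loader pattern."""
        hits = []
        for line in lines:
            m = LOG_RE.match(line)
            if not m:
                continue  # unparseable line: skip rather than silently match nothing
            host = urlsplit(m["url"]).hostname or ""
            reasons = []
            if host_matches_c2(host):
                reasons.append("c2-domain")
            if m["cookie"] != "-" and looks_like_icedid_cookie(m["cookie"]):
                reasons.append("icedid-cookie")
            if reasons:
                hits.append({"src": m["src"], "host": host, "reasons": ",".join(reasons)})
        return hits


    # Constructed sample lines (not real traffic): a check-in to the C2, benign browsing,
    # a subdomain of the C2 with no cookie, and a loader-style cookie sent to an unknown host.
    SAMPLE_LOG = [
        '2022-07-24T09:55:01Z 10.0.0.5 GET http://cootembrast.com/ 200 cookie="__gads=3340101573:1:0:5; '
        '_gat=10.0.20348.64; _ga=1.591594.1635208534.11; _u=4445534B544F503A61646D696E; '
        '__io=21_2451227573_1234567890_1010101010; _gid=0123456789ABCDEF0123456789ABCDEF"',
        '2022-07-24T09:55:02Z 10.0.0.7 GET https://www.example.com/index.html 200 cookie="_ga=GA1.2.1; session=abc"',
        '2022-07-24T09:55:03Z 10.0.0.5 POST http://cdn.CootemBrast.com/ 404 cookie="-"',
        '2022-07-24T09:55:04Z 10.0.0.9 GET http://other.test/ 200 cookie="__gads=1; _gat=2; _ga=3"',
    ]

    if __name__ == "__main__":
        for hit in scan_proxy_log(SAMPLE_LOG):
            print(hit)
    ```

    The fourth sample line is the interesting case: the cookie heuristic fires on a host that is not in the extracted config, which is exactly why a traffic signature is worth running alongside the domain blocklist when the loader rotates C2s between campaigns.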

MITRE ATT&CK Enterprise v6

Tasks