General

  • Target

    648c83e5f3a1ba4a263c14ecde137f06.dll

  • Size

    96KB

  • Sample

    220724-k2q28acbej

  • MD5

    648c83e5f3a1ba4a263c14ecde137f06

  • SHA1

    f61eec7c62edf16778695e5c42b3e82163866f83

  • SHA256

    85f25379a2c5948ceb33e5553a5795152d44c051b3d74fbe56d272fd0df198a1

  • SHA512

    70fac6922d86535bfefa3d87bd3ea7daf8e984536f91fc72d42ac9f72d13d80a26c0bbab8b11e4f4ace9b8178f221f78f3e769d1088b138ed69818e8d17ab256

Malware Config

  • Extracted

  • Family

    icedid

  • Campaign

    2937671378

  • C2

    cootembrast.com

Targets

    • Target

      648c83e5f3a1ba4a263c14ecde137f06.dll

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks