General

  • Target

    ff7b32437030131c3a88322272d45483.dll

  • Size

    96KB

  • Sample

    220724-kv19lsccb4

  • MD5

    ff7b32437030131c3a88322272d45483

  • SHA1

    6aaae2ec2788b0061890c4a815adf25c19bc511d

  • SHA256

    969ce96a81f207c2f6526eb87d48e62e365acdf0e54d2ba79677ea591091ea6a

  • SHA512

    5464fcea278b86159183d831700ac4b2abde399d7bdf1ab25b0ff97d8525b4487550c103ca276dfca4bebbe795b102b917d5dd112276e5008c9f7749c45b96d4

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2937671378

  • C2

    cootembrast.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks