General

  • Target

    0a1ecff59d21c9ac48bdf171e14c5651.dll

  • Size

    96KB

  • Sample

    220724-lrl6yscddl

  • MD5

    0a1ecff59d21c9ac48bdf171e14c5651

  • SHA1

    5768af11a1bf88260db18e849222e62c95b0cb79

  • SHA256

    33392acae344f7c8ede0bce4b56d1a476b97ef28de407ab9dc599ffecfbcd627

  • SHA512

    5ed3c1b14ca52e5052a29e0e5b2159832ecb9cea8d6ec845428adea86bb30c10a8fa5fbe80a7de1ed5ce08dbca4f75c121a5328e06b6c1cc51d23494ca4397da

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2937671378

  • C2

    cootembrast.com

Targets

    • Target

      0a1ecff59d21c9ac48bdf171e14c5651.dll

    • Size

      96KB

    • MD5

      0a1ecff59d21c9ac48bdf171e14c5651

    • SHA1

      5768af11a1bf88260db18e849222e62c95b0cb79

    • SHA256

      33392acae344f7c8ede0bce4b56d1a476b97ef28de407ab9dc599ffecfbcd627

    • SHA512

      5ed3c1b14ca52e5052a29e0e5b2159832ecb9cea8d6ec845428adea86bb30c10a8fa5fbe80a7de1ed5ce08dbca4f75c121a5328e06b6c1cc51d23494ca4397da

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks