General

  • Target

    bd9aa1bcf743985bf6f6f1e0a1019166.dll

  • Size

    96KB

  • Sample

    220724-p6khfsdda5

  • MD5

    bd9aa1bcf743985bf6f6f1e0a1019166

  • SHA1

    9e256a2ae52544b23b758e8c3dbb7e396490571c

  • SHA256

    29705ff06be2bb3df0f87c8138f2f42e897d114fa53f516153f4e433722e1111

  • SHA512

    fb3829f65d907f937351ac6deab676058cadfb043461de7e565dd64e8ba4946653784ee7bf1ab4a65d3bfcd746b44019f07003644012e78e40d43bc380d3f57b

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2937671378

  • C2

    cootembrast.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks