General

  • Target

    01cf8c7b7eac2e9b9a08c25426a1181b.dll

  • Size

    96KB

  • Sample

    220724-pmm48sdccr

  • MD5

    01cf8c7b7eac2e9b9a08c25426a1181b

  • SHA1

    7bf8987e7801c5826f7ecae29fe4b23acfac2d5a

  • SHA256

    60e512b3790b0335ae8b74b95cf5a475cb242c20023a1e13c59b2d294ec00bbd

  • SHA512

    bb607b9aa1ec1908f669f3d4f03467c008a70b0b44ad5b0dbd837c5fccb017e1f160112d7c30cce29447249d2ace437049121f8e495d4760aad513d0bc52c105

Malware Config

Extracted

Family

icedid

Campaign

2937671378

C2

cootembrast.com

Targets

    • Target

      01cf8c7b7eac2e9b9a08c25426a1181b.dll

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request