General

  • Target

    86d53d0f79158bca840b1ceb6a8fd6f9.dll

  • Size

    96KB

  • Sample

    220724-pn834adcdp

  • MD5

    86d53d0f79158bca840b1ceb6a8fd6f9

  • SHA1

    8314ab6aeb5013213d3b1db4dc99a485c66529cc

  • SHA256

    8f3e03dd22ae5b295abf6d88bc06b139ec718461fe558cd42b786475c2f94fee

  • SHA512

    31b9d8787d47978ef66b912d332d69cb6b14d4426b34aab306d568e5a8a8a96bab666bbd62ad07f744b96199655920e23f0adac12897668ed451f61c6ca63b40

Malware Config

Extracted

Family

icedid

Campaign

2937671378

C2

cootembrast.com

Targets

    • Target

      86d53d0f79158bca840b1ceb6a8fd6f9.dll

    • Size

      96KB

    • MD5

      86d53d0f79158bca840b1ceb6a8fd6f9

    • SHA1

      8314ab6aeb5013213d3b1db4dc99a485c66529cc

    • SHA256

      8f3e03dd22ae5b295abf6d88bc06b139ec718461fe558cd42b786475c2f94fee

    • SHA512

      31b9d8787d47978ef66b912d332d69cb6b14d4426b34aab306d568e5a8a8a96bab666bbd62ad07f744b96199655920e23f0adac12897668ed451f61c6ca63b40

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks