General

  • Target

    be5b421fbe8f020701823f7d20ba4855.dll

  • Size

    96KB

  • Sample

    220724-q51zgsedg9

  • MD5

    be5b421fbe8f020701823f7d20ba4855

  • SHA1

    8c8f1882a6b435f0b4efe65eb789628037e589c1

  • SHA256

    9e7339adbb7a4ff5c250d25591fcbda4be7ae21f74215050cbe39db51fcd8686

  • SHA512

    6d6bb2320b18ce73dbb034078090762b0c8a49ba8ade33b170d73a597e762c2551f6872c1861d67f7bdebc55740cf92e8ccb9bc76129e459b62ba7a2916b7601

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2937671378

  • C2

    cootembrast.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks