General

  • Target

    0x0002000000022618-2.dll

  • Size

    328KB

  • Sample

    231012-a3bc2sdh21

  • MD5

    d85f31f8c9a77b723f0b33c64aee0e25

  • SHA1

    a06d64929c4df25fa798bb5aeba6c45dddb68c4f

  • SHA256

    42cea91c813a490a0b590932c940d796fadfc97765291506813b0ae6f2a42fed

  • SHA512

    1a86682de0287b3b6de5834441b50f16732bd34494ab7834cee97c50f570c57a6cb113a90eed8be72185a11cdfeebc072962ae9d9a85a9b4313bb1e3f18d3146

  • SSDEEP

    6144:3N/F41OWGRkFtwxW6spj/JbUaeboh6EReEUHFmUwUBS8OgJU9P:35FCOWGRayW6sAowXFmUwUE1gI

Malware Config

Extracted

Family

icedid

Campaign

361893872

Targets

    • Target

      0x0002000000022618-2.dll

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a modular banking trojan that steals credentials, notably through web injects into banking sessions, and is also used as a loader for follow-on payloads; the campaign ID above is the value extracted from the loader configuration.

    • Blocklisted process makes network request

    • Loads dropped DLL
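As an added example, not part of the sandbox report and not the sandbox's own tooling: a Python helper that hashes files and compares them against the IOCs listed above. The file name and placeholder contents used in demo() are constructed and are not the sample; the SSDEEP value is deliberately left out because fuzzy matching needs the ssdeep library, which is not assumed here.

```python
"""Check files against the hashes published in this IcedID sandbox report."""
import hashlib
import os
import tempfile
from pathlib import Path

# Hashes copied from the report above (sample 231012-a3bc2sdh21,
# target 0x0002000000022618-2.dll). Keys are hashlib algorithm names.
REPORT_IOCS = {
    "md5": "d85f31f8c9a77b723f0b33c64aee0e25",
    "sha1": "a06d64929c4df25fa798bb5aeba6c45dddb68c4f",
    "sha256": "42cea91c813a490a0b590932c940d796fadfc97765291506813b0ae6f2a42fed",
    "sha512": "1a86682de0287b3b6de5834441b50f16732bd34494ab7834cee97c50f570c57a"
              "6cb113a90eed8be72185a11cdfeebc072962ae9d9a85a9b4313bb1e3f18d3146",
}


def _new_digests() -> dict:
    return {name: hashlib.new(name) for name in REPORT_IOCS}


def hash_bytes(data: bytes) -> dict:
    """Return {algorithm: hexdigest} for an in-memory buffer."""
    digests = _new_digests()
    for d in digests.values():
        d.update(data)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so large samples do not have to fit in memory."""
    digests = _new_digests()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_iocs(hashes: dict, iocs: dict = REPORT_IOCS) -> set:
    """Return the set of algorithms whose digest matches the report."""
    return {
        name for name, expected in iocs.items()
        if hashes.get(name, "").lower() == expected.lower()
    }


def classify(matched: set) -> str:
    """Grade a match. MD5 and SHA-1 are collision-prone, so a hit on those
    alone is weak evidence; a SHA-256 or SHA-512 hit is treated as confirmed."""
    if matched & {"sha256", "sha512"}:
        return "confirmed"
    if matched & {"md5", "sha1"}:
        return "weak"
    return "none"


def scan_directory(root, iocs: dict = REPORT_IOCS) -> list:
    """Walk a directory tree and return (path, matched_algorithms, grade)
    for every file that matches at least one published hash."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        matched = match_iocs(hash_file(path), iocs)
        if matched:
            hits.append((str(path), matched, classify(matched)))
    return hits


def demo() -> dict:
    """Run the scanner over a constructed directory holding one benign file.
    The real sample is not embedded, so the expected result is no hits."""
    payload = b"constructed placeholder, not the IcedID sample\n"  # constructed input
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed file name; only the contents decide whether it matches.
        target = os.path.join(tmp, "0x0002000000022618-2.dll")
        with open(target, "wb") as fh:
            fh.write(payload)
        return {
            "file_hashes_consistent": hash_file(target) == hash_bytes(payload),
            "hits": scan_directory(tmp),
        }


if __name__ == "__main__":
    import sys
    for hit in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*hit)
```

Run it as `python ioc_check.py /path/to/quarantine` to list matching files. A hit on MD5 or SHA-1 alone is reported as weak because both are collision-prone; confirm with the SHA-256 or SHA-512 value before acting on it.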

MITRE ATT&CK Enterprise v15

Tasks