General

  • Target

    0x0006000000023252-2.dll.exe

  • Size

    328KB

  • Sample

    231012-az7l3sfg48

  • MD5

    d7e6bc7d9983adc4dd2820d00756c7c0

  • SHA1

    15fa33e71a2c20f73bc4595546b1494ec2e561b0

  • SHA256

    f324bb47090d388fca1015260f66f67b708e8451292cd5679791792c90d5b711

  • SHA512

    42d534bd586e8ffec3ec170409667becec6206f97701497527ca1c8a35a6b251f6d9b24304d08b3460761abff6394446af11bed19c35a24affe9b165c50e7001

  • SSDEEP

    6144:fN/F41OWGRkFtwxW6spj/JbUaeboh6EReEUHFmU8D7KTXhdic:f5FCOWGRayW6sAowXFmU8D7KTRw

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    361893872

Targets

    • Target

      0x0006000000023252-2.dll.exe

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks