General

  • Target

    LhHKIaL.dll

  • Size

    348KB

  • Sample

    231018-tjfm7shc94

  • MD5

    378a98fd5fb5b134a5529e697023d680

  • SHA1

    558443dfc17655941cc54f1fe867457f5afd4f54

  • SHA256

    3c52f7fc9fb2ce7c10f20f0eeee60b093133b497b68c9f87b627ae4664aa56b1

  • SHA512

    c8c23cbc012716bf9eb3c105ccd6b8ae1d96e56e2a0df5ee086b17b8497f4ed119e8f212d539098a2659bb50ce17ca7cf3a5f5c83fdb15f516e830c2e18fa57d

  • SSDEEP

    6144:kuuRSnPC1Pw/HDyFIVvmohJkhW2ZEPYvAH0EYKvw+b/Kv/o:kfsCY7yRoaEPWAH0R+b

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    361893872

Targets

    • Target

      LhHKIaL.dll

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks