General

  • Target

    fb78077c8d2f4ab908964b8fd47a745aabe134818649ad728529ac5776c93bc9

  • Size

    770KB

  • Sample

    201113-pbejb7byhj

  • MD5

    da068d7db316b6a21416f6e14cee0d49

  • SHA1

    f576c89730193d6882006fdbd4ef7f85122b5a77

  • SHA256

    fb78077c8d2f4ab908964b8fd47a745aabe134818649ad728529ac5776c93bc9

  • SHA512

    0d6eb658dd9ffd9acd8f5f6e4f9e0ab697a42d519abbcebe753dee03b8ea60e249136bca5aae833667e741e0b9bc4656f9dd97f4c632e9d5ae63a554f07d125a

Malware Config

Extracted

Family

icedid

C2

kostacardsplayer.pro

kostafootball.info

countrylandlords.info

landiscloudlord.red

Targets

    • Target

      fb78077c8d2f4ab908964b8fd47a745aabe134818649ad728529ac5776c93bc9

    • Size

      770KB

    • MD5

      da068d7db316b6a21416f6e14cee0d49

    • SHA1

      f576c89730193d6882006fdbd4ef7f85122b5a77

    • SHA256

      fb78077c8d2f4ab908964b8fd47a745aabe134818649ad728529ac5776c93bc9

    • SHA512

      0d6eb658dd9ffd9acd8f5f6e4f9e0ab697a42d519abbcebe753dee03b8ea60e249136bca5aae833667e741e0b9bc4656f9dd97f4c632e9d5ae63a554f07d125a

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • IcedID Second Stage Loader

MITRE ATT&CK Matrix

Tasks