Resubmissions

  • 25-03-2021 11:08

    210325-lbfj33e3pe 10

  • 25-03-2021 09:49

    210325-safqylnrm6 10

General

  • Target

    d72d6ddcbdf401c1b05da01824aabd92.dll

  • Size

    52KB

  • Sample

    210325-lbfj33e3pe

  • MD5

    d72d6ddcbdf401c1b05da01824aabd92

  • SHA1

    21405e03bb9a929672d53c68b0d6d2facf24d394

  • SHA256

    f6ea31d1b674431a77384e8e84b15522055fc9c90fe7ca7e1f666d447277af41

  • SHA512

    f8cca66fdacba29d0ed3e315617c92400ddff902ec6a72262467394c9c6659cdd797ad43e20e47527522751b430a76a2f2ad12a4bff49a7ea76d781a0f88bd05

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    1211238709

  • C2

    feaser2347.club

Targets

    • Target

      d72d6ddcbdf401c1b05da01824aabd92.dll

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • IcedID First Stage Loader

    • PhotoLoader Payload

      IcedID downloader (PhotoLoader).

MITRE ATT&CK Matrix

Tasks