General

  • Size: 258KB
  • Sample: 210423-6nreapv9dx
  • MD5: 2cbed069a079c2c57946e9cccb1f1f72
  • SHA1: 18c4208d04d1b0a5d0e423cb60ca87fd64eabf80
  • SHA256: b52c0640957e5032b5160578f8cb99f9b066fde4f9431ee6869b2eea67338f28
  • SHA512: 372cc5969492964dcbed070981b1fd443b53e1fbc23664f75bfa01ee96aefc733998ff9d586b8099f455a7f3546cfcf4190038a9dfeb54d94903d0f4beba84c4

Malware Config

Extracted

  • Family: icedid
  • Campaign: 3351099083
  • C2: vaclicinni.xyz

Targets

    • Target: b52c0640957e5032b5160578f8cb99f9b066fde4f9431ee6869b2eea67338f28
    • Size: 258KB
    • MD5: 2cbed069a079c2c57946e9cccb1f1f72
    • SHA1: 18c4208d04d1b0a5d0e423cb60ca87fd64eabf80
    • SHA256: b52c0640957e5032b5160578f8cb99f9b066fde4f9431ee6869b2eea67338f28
    • SHA512: 372cc5969492964dcbed070981b1fd443b53e1fbc23664f75bfa01ee96aefc733998ff9d586b8099f455a7f3546cfcf4190038a9dfeb54d94903d0f4beba84c4
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • IcedID First Stage Loader
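
The hashes and the extracted C2 domain above are the indicators a responder would actually consume from this report. The script below is an added example, not part of the sandbox report: it loads those indicators, hashes a file with the same four algorithms the report lists and compares them, and scans DNS/proxy log lines for the C2 domain with a label-boundary match so that look-alike names such as notvaclicinni.xyz do not trigger. The bytes hashed and the log lines are constructed stand-ins (the real sample is not available offline), and the log format (query=/host=/sni= fields) is an assumption, not any particular product's format.

```python
import hashlib
import re

# Indicators copied from the report above. The sample itself is not available
# offline, so anything hashed below is a constructed stand-in, not the sample.
REPORT_IOCS = {
    "family": "icedid",
    "campaign": "3351099083",
    "c2_domains": {"vaclicinni.xyz"},
    "hashes": {
        "md5": "2cbed069a079c2c57946e9cccb1f1f72",
        "sha1": "18c4208d04d1b0a5d0e423cb60ca87fd64eabf80",
        "sha256": "b52c0640957e5032b5160578f8cb99f9b066fde4f9431ee6869b2eea67338f28",
        "sha512": "372cc5969492964dcbed070981b1fd443b53e1fbc23664f75bfa01ee96aefc73"
                  "3998ff9d586b8099f455a7f3546cfcf4190038a9dfeb54d94903d0f4beba84c4",
    },
}


def file_digests(data: bytes) -> dict:
    """Compute the four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_hashes(digests: dict, iocs: dict = REPORT_IOCS) -> list:
    """Return the names of the algorithms whose digest equals the report's value."""
    wanted = iocs["hashes"]
    return [name for name, value in digests.items()
            if wanted.get(name) == value.lower()]


def is_c2_domain(host: str, c2_domains=frozenset(REPORT_IOCS["c2_domains"])) -> bool:
    """True if host is a listed C2 domain or a subdomain of one.

    The comparison is on label boundaries: 'cdn.vaclicinni.xyz' matches,
    'notvaclicinni.xyz' and 'vaclicinni.xyz.example.net' do not.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in c2_domains)


# Assumed (constructed) log shape: space-separated key=value fields, with the
# looked-up name carried by query=, host= or sni=.
_NAME_RE = re.compile(r"(?:query|host|sni)=([A-Za-z0-9.-]+)")


def scan_log(lines) -> list:
    """Return (line_number, hostname) for each line that resolves or contacts a C2 domain."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _NAME_RE.search(line)
        if m and is_c2_domain(m.group(1)):
            hits.append((n, m.group(1).lower()))
    return hits


# Constructed log lines for demonstration; only lines 2 and 4 should hit.
SAMPLE_LOG = [
    "2021-04-23T10:01:02Z src=10.0.0.5 query=www.microsoft.com type=A",
    "2021-04-23T10:01:09Z src=10.0.0.5 query=vaclicinni.xyz type=A",
    "2021-04-23T10:01:11Z src=10.0.0.7 query=notvaclicinni.xyz type=A",
    "2021-04-23T10:01:15Z src=10.0.0.5 host=cdn.vaclicinni.xyz method=GET",
    "2021-04-23T10:01:20Z src=10.0.0.9 query=vaclicinni.xyz.example.net type=A",
]


if __name__ == "__main__":
    # A stand-in blob: its digests will not match the report, which is the
    # expected outcome for anything other than the real sample.
    blob = b"constructed stand-in bytes, not the IcedID sample"
    print("hash matches:", match_hashes(file_digests(blob)))
    for n, host in scan_log(SAMPLE_LOG):
        print(f"C2 hit on line {n}: {host}")
```

For a real file, pass the result of open(path, "rb").read() to file_digests(); a match on any one algorithm identifies the sample, while the four together guard against a single colliding or mistyped value. The subdomain match matters because IcedID loaders are commonly seen resolving hosts under the configured C2 domain rather than only the bare apex.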

MITRE ATT&CK Matrix

  Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No techniques are listed under any column in this extract of the report.