General

  • Target

    5341114668318720.zip

  • Size

    30KB

  • Sample

    210726-hv6tyzvnvn

  • MD5

    24d50b8e2e2404b32ecf99f5071457e5

  • SHA1

    0a5c4057c36202304c9ae2b47cf5769ae6b73873

  • SHA256

    27fe8f2fb4544c471bf73d5ffd0dd75a32c30d7ebdf39d6eea2fc760d12c1b8c

  • SHA512

    4f79d66168596fc653b376472f0bdacf964a07d27eb6db2036bb13630a8ce5676ac6598c85edb3e8978e524b722d4ae935bb387f8c9b7c6fc2f0ecfeaf80fa68

Malware Config

Extracted

  • Family

    icedid

  • C2

    bomberfiller.cyou

    fekoliture.cyou

    bomminollio.co

    landingforced.co

Targets

    • Target

      2cdf066be8b5278ab728277cd77b8f3f5bc042a89e4e386b3202c8c6c4be737b

    • Size

      56KB

    • MD5

      7e198bc723b2db4378fcf6bebfd8f434

    • SHA1

      c1c3d7f5b2af29f855ec0da721b2008a5f9ce8fe

    • SHA256

      2cdf066be8b5278ab728277cd77b8f3f5bc042a89e4e386b3202c8c6c4be737b

    • SHA512

      fd7e5951ad9564ab86facdac352c43f8f76bda79a2befa1be91d65fcaf238bd3073c94e86dedb4536b0da5b8980b0f222c3ada88644f8cc429d66bfac185db16

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • IcedID Second Stage Loader

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Install Root Certificate (T1130): 1

    Modify Registry (T1112): 1

Tasks