icedid | 0aa4eccf0ba03e7269c132d4542f13af44a7cb5c25ee156694e8e230bb6ef348 | Triage

Resubmissions

13-09-2021 11:23

210913-nhfc6agfbk 10

05-09-2021 13:46

210905-q26qkacgfk 10

Sharing

General

Target

Iwowtiou1.dll
Size

4.5MB
Sample

210905-q26qkacgfk
MD5

81b5922c26d007efa85d746f7e5cd175
SHA1

44b20bc1d9781cb19fd322043ea8cc549430a817
SHA256

0aa4eccf0ba03e7269c132d4542f13af44a7cb5c25ee156694e8e230bb6ef348
SHA512

81990781ce8fc6f660f6dd8dceb2dce05a0b07e77d79d2323a5b07a94ce70edc88f5c8b0692850d565ba59f3c2ae0c885281e52740228e60b1527715af8d2d56

Score

10^/10

icedid 1820688957

Malware Config

Extracted

Family

icedid

Botnet

1820688957

C2

timerework.fun

pexxota.space

Attributes

auth_var
6
url_path
/news/

Targets

- Target
  
  Iwowtiou1.dll
- Size
  
  4.5MB
- MD5
  
  81b5922c26d007efa85d746f7e5cd175
- SHA1
  
  44b20bc1d9781cb19fd322043ea8cc549430a817
- SHA256
  
  0aa4eccf0ba03e7269c132d4542f13af44a7cb5c25ee156694e8e230bb6ef348
- SHA512
  
  81990781ce8fc6f660f6dd8dceb2dce05a0b07e77d79d2323a5b07a94ce70edc88f5c8b0692850d565ba59f3c2ae0c885281e52740228e60b1527715af8d2d56
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

1820688957icedid

behavioral1

behavioral2