General

  • Target: file
  • Size: 382KB
  • Sample: 211104-awmgqsfee5
  • MD5: e6511f34a7c39814b0bf4a9c4339fa82
  • SHA1: 90698ebc92762329e35934f7e4d22992fcf18ab2
  • SHA256: d1d9e3afcd5ad3ba9b4977eeca3d7e88125b2b5c10342b26b7af93b8b213847f
  • SHA512: 653136702db8630ec23c100ef9bdb2b1cbbaac4fe9eb0b720fe3291001ef9e07c7234bb3c8920807447927d1f7331b1391251db4eae52beed067bdcf9f3d5655

Malware Config

Extracted

  • Family: icedid
  • rsa_pubkey.plain

Extracted

  • Family: icedid
  • Botnet: 1217670233
  • C2:
    nnelforwfin.top
    lakogrefop.rest
    hangetilin.top
    follytresh.co
  • Attributes
    • auth_var: 12
    • url_path: /posts/

Targets

  • Target: core.bat
  • Size: 184B
  • MD5: 2b4f27b826aec08eb90ff784b25d048d
  • SHA1: b1444548b53ec112797cc7d03a1e227fe71315ca
  • SHA256: b976471778c3abead8001c5a7db7d39b461e88bbd5322a579d86c1ca725375fb
  • SHA512: d6316825b5372e445941b75b08b04aaee49bab12d752dba4691aac8093100d1632a1b07e6b7d6899c528e6777f0bcfcd977e02a7f8d559b29e205703f573d434
  • IcedID, BokBot
    IcedID is a banking trojan capable of stealing credentials.
  • Blocklisted process makes network request

  • Target: pigeon64.dat
  • Size: 159KB
  • MD5: de317e8f5ed28affbf38306925aa59a8
  • SHA1: 38f670fadedf06bf12243b74618c5e4461416a6f
  • SHA256: b16bfd48ebbe416330327d2462bb5084bf0e3dfadd237b10e0c4670ed52532ef
  • SHA512: c9b02fa7effaeba55d1f324da2557c210b04b031991b1909d85dde90fed162d3c3afa8325ec96cd52f306074def915bf7c99e361502fea920bb33f68f322abce
  • IcedID, BokBot
    IcedID is a banking trojan capable of stealing credentials.
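As an added example (not part of the sandbox report and not the sandbox's own tooling), the script below turns the indicators above into the two checks a responder would typically run: a multi-digest match of a file against the reported hashes of the two dropped files, and a scan of proxy log lines for requests to the extracted C2 domains and the configured `/posts/` path. The hashes, domains and path are copied from the report; the proxy log format, the log lines and the "sample" bytes are constructed for illustration and are assumptions.

```python
"""IOC checks built from the IcedID sandbox report above.

Added example: hashes, C2 domains and url_path are copied from the report;
the log format, log lines and sample bytes are constructed (assumptions).
"""
import hashlib
import re
from typing import Optional
from urllib.parse import urlsplit

# Reported digests of the two dropped files (from the report).
SAMPLE_HASHES = {
    "core.bat": {
        "md5": "2b4f27b826aec08eb90ff784b25d048d",
        "sha1": "b1444548b53ec112797cc7d03a1e227fe71315ca",
        "sha256": "b976471778c3abead8001c5a7db7d39b461e88bbd5322a579d86c1ca725375fb",
    },
    "pigeon64.dat": {
        "md5": "de317e8f5ed28affbf38306925aa59a8",
        "sha1": "38f670fadedf06bf12243b74618c5e4461416a6f",
        "sha256": "b16bfd48ebbe416330327d2462bb5084bf0e3dfadd237b10e0c4670ed52532ef",
    },
}
# Extracted C2 config (from the report).
C2_DOMAINS = {"nnelforwfin.top", "lakogrefop.rest", "hangetilin.top", "follytresh.co"}
URL_PATH = "/posts/"


def compute_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a byte string, keyed like SAMPLE_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> Optional[str]:
    """Return the report target name whose digests all match `data`, else None.
    Every listed digest must agree; a lone MD5 hit is not treated as a match."""
    got = compute_hashes(data)
    for name, expected in SAMPLE_HASHES.items():
        if all(got[alg] == digest for alg, digest in expected.items()):
            return name
    return None


def domain_is_c2(host: str) -> bool:
    """True for an exact C2 domain or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


# Constructed (assumed) proxy log format: "<ts> <src_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")


def scan_proxy_log(lines) -> list:
    """Flag requests to the C2 domains; note whether the path matches url_path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than crash the sweep
        ts, src, _method, url, _status = m.groups()
        parts = urlsplit(url)
        if not domain_is_c2(parts.hostname or ""):
            continue
        hits.append({
            "ts": ts,
            "src": src,
            "host": parts.hostname,
            "path": parts.path,
            "path_match": parts.path.startswith(URL_PATH),
        })
    return hits


# Constructed log lines for illustration (not observed traffic).
CONSTRUCTED_LOG = [
    "2021-11-04T10:01:02Z 10.0.0.12 GET http://nnelforwfin.top/posts/?id=1 200",
    "2021-11-04T10:01:05Z 10.0.0.12 GET https://cdn.lakogrefop.rest/posts/a 200",
    "2021-11-04T10:01:09Z 10.0.0.12 GET http://hangetilin.top/favicon.ico 404",
    "2021-11-04T10:02:00Z 10.0.0.13 GET https://example.com/posts/ 200",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(CONSTRUCTED_LOG):
        print(hit)
    print(matches_sample(b"not the sample"))  # None: constructed bytes, not the dropper
```

The hash check requires every listed digest to agree so that a hostile MD5 collision cannot produce a false match, and the domain check covers subdomains because the report lists bare apex domains. The botnet ID and `auth_var` from the extracted config are not observable in proxy logs, so they are deliberately not used as network indicators here.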
