General

  • Target: 879523aa42d9276f72f17f450468a0ab.virus
  • Size: 28KB
  • Sample: 211112-wlgdmaahgn
  • MD5: 879523aa42d9276f72f17f450468a0ab
  • SHA1: f772c2bf9c24ca62750f69cf6ac605179be85622
  • SHA256: 0ef7f2b1ab7ad7e4c3124a981dc4f0ca9bcbbc2194573ae5d678df65fd24c69a
  • SHA512: 8be1594e6e5f2eb3ad65c61f8d0f9775c287dd4889f778517dd46f432a404626f00b81b82c687ace028576632f9abb4fa94244f7f755e077a4eaa112ff611fde

Malware Config

Extracted

  • Family: icedid
  • Campaign: 949083261
  • C2: kitchenbiggy.best


Targets


    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • suricata: ET MALWARE Win32/IcedID Request Cookie
    • suricata: ET MALWARE Win32/IcedID Requesting Encoded Binary M4

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Install Root Certificate (T1130): 1
  • Modify Registry (T1112): 1

Tasks