General

  • Target: file
  • Size: 380KB
  • Sample: 211119-rs3szsdef7
  • MD5: 37a9f0026962ab3681968a95c1fb467b
  • SHA1: fee5d4621079facf4517310df5ae05fc907ce27c
  • SHA256: c445b342ec002cf6a2e7a2f01da939a79c374f830c9b1507acc2c30284db6ad2
  • SHA512: 1848bb58f83267bdeb37417c6277333fce994811a6ef3d6c6faf0ce9ef986601568a07773cd84317f755e14ec14a81a132ffbe3bb592d1335ed84c96f8306c1a

Malware Config

Extracted

  • Family: icedid
  • rsa_pubkey.plain

Extracted

  • Family: icedid
  • Botnet: 2237127122
  • C2:
      • lokidasterreno.site
      • onmentalsocio.top
      • burgomustopr.rest
      • lopityr4.pw

Attributes

  • auth_var: 3
  • url_path: /posts/

Targets

  • Target: core.bat
  • Size: 186B
  • MD5: 6658fcb22e8022f7d1048fd97b97610d
  • SHA1: 39463d86161a9ec5fbb1369a79a807ca833e35e1
  • SHA256: 619ff80d72c919bb0fa812f89d115b4f54ade7d6df9f236ba21ac390abd1172d
  • SHA512: 60df8563382619659d632db38b80908103d648e7821ea50a2378c0bc34009cd7589ebc8df2bf72165b973948cd2032365769fa3dda8b7860a27bf56600e9cbfd

    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Accesses Microsoft Outlook profiles

  • Target: robust-32.dat
  • Size: 67KB
  • MD5: 44ea8ab0eb40f791faee08907deb77e6
  • SHA1: 1e8c8b5faa2604e1708e4bea5ba3a7fac0474f62
  • SHA256: 1daaad6aa25bbd65b3f86d09a7480e71a4a768395786752cd1146dcd148f850c
  • SHA512: 8752fd02370edcb156ef645b773eefe14d8a2b2561ba919c2d2750d0062b4550ec7b50a15b6552925373efbf54777f68115f3137b7c96738328d15a387adeb66

    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix ATT&CK v6

Execution
  • Command-Line Interface (T1059): 1

Credential Access
  • Credentials in Files (T1081): 1

Discovery
  • System Information Discovery (T1082): 3
  • Remote System Discovery (T1018): 1

Collection
  • Data from Local System (T1005): 1
  • Email Collection (T1114): 1

Tasks