General

  • Target

    file

  • Size

    380KB

  • Sample

    211124-vln8ssgdf6

  • MD5

    934af4e101fd07ed58701663e59027f5

  • SHA1

    151534684364c20f685ec8e59af469a3d7a5cbb7

  • SHA256

    fbe3fc4926ed67359b39778cbc6c39f681d859bb21d64028d5f86cbc7ad14811

  • SHA512

    5d097e3da71194072f56e49002166f3eeff51cd9035f39dfb34e527fcb238750ed7777f6fe4c899a30ec7f6b9b1ccad8e0a9d56d8d6c92adfe0fae0ec58bb318

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

2237127122

C2

lokidasterreno.site

burgomustopr.rest

lopityr4.pw

rocesdilin.top

Attributes
  • auth_var

    6

  • url_path

    /posts/

Targets

    • Target

      core.bat

    • Size

      184B

    • MD5

      7ad0df2088d6f4b4f1ab680985460161

    • SHA1

      2611de6578b61c2f806ddd5d2bdab3c284936167

    • SHA256

      550b39c60eca29760f353e42deffac5f8c7dcfd5b9f44132ba2ed29f6d0293f8

    • SHA512

      82571323d4beffae2417e2e4231faba8609fc0b7fd178d942ed5ad3113b44d4ecb2d150bcb963c0c42ce9a4847d0e8535312675f6b7837e4b6c316ecec004261

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Target

      group_32.tmp

    • Size

      64KB

    • MD5

      e6d3086f7370e07e3217142f13f44bef

    • SHA1

      2cbbb7f93e43727b4dd1d3e1cc45d7a2c3e90c6e

    • SHA256

      7c8185c7f9fa5f7b2e402fbf5831fde7fa1c23fda6684472d137ebacf6888571

    • SHA512

      6117ad25adb8988bbebcb378305eadc8c5a9e8e4610910295ae4a07e7479d2b343ed6c303b2fbb752cf8df7cc614802cdbe53dac958d17a75ea4f487b3b702e9

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix

Tasks