General

  • Target: data.dll
  • Size: 291KB
  • Sample: 211209-rt5zqscca5
  • MD5: 71c8eb081c33fd6b2c10effa92154a18
  • SHA1: 8222ed4fcac2c7408e7fbb748af1752e72bb9b01
  • SHA256: baeb13eea3a71cfaba9d20ef373dcea69cf31f2ec21f45b83f29f699330cb3e3
  • SHA512: ca689b439edd294b38f553fd69784f70e9d011b165dc8c68f070ed95c3cb2255fc33f0b44a90f372b98973aaafb36abc903b536e38727e9465985c21c23a3a0c

Malware Config

Extracted

  • Family: icedid
  • Campaign: 870605016
  • C2: guguchrome.com

Targets

  • Target: data.dll (IcedID, BokBot)

    IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation