Resubmissions

22-02-2022 16:13

220222-tpdqssahe8 10

22-02-2022 16:13

220222-tpb7zaahe6 10

16-12-2021 11:18

211216-nehzwacaa3 10

16-12-2021 04:08

211216-eql18sbhgk 10

General

  • Target

    file

  • Size

    398KB

  • Sample

    211216-eql18sbhgk

  • MD5

    3b8c31f58d129b7dc22d45c94919e5f2

  • SHA1

    3caa756e0c362a4e8c6a062b63a20e974743c07b

  • SHA256

    dce759f629e445e004412d7ff1688ff3458d68f844d45f59d7d054551664af16

  • SHA512

    75ef8029ed981148cf347f6580fe7bd11a5514a6dd0855a0ecb4da8b089c73075ca95543bb0c267405cdaa112f9b1788b00be778356b778a11f8869b73f1dd2a

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Targets

    • Target

      core.bat

    • Size

      184B

    • MD5

      5bd4250c03a115f6fd370056f069f8d7

    • SHA1

      9a42391c1b7b096966d8c432ba23aebee2aaeac6

    • SHA256

      bcd99df71c80e21a9d9698779848be9e8f38f47b89e38792911fdf19720e3f0c

    • SHA512

      861e2ca7f5a39c2d5c4a0db390769308aea219d20f19cc0f200f63641498fce9b0e7d2b283df2ea741f1a810e4c6f725c0ae64174c43aca47582e894c1a83b6b

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Target

      orient32.tmp

    • Size

      151KB

    • MD5

      ebfc2ce58d5573a735b40b2302f2de4a

    • SHA1

      b4eca993956dbb7e785c4a6c0ea4866297219368

    • SHA256

      e1154b718a8e0213f1c6c447810bb4edaf887906386458d2bd5ca0c73e73ca26

    • SHA512

      17a5742d349e349bb1c6191954805efe530a11d41863de57fb40a6f992fd5837d8901770219c3a0990f270bc07bbbc1e75f7e3b1fdda8404ad2108f263b906cd

    Score
    1/10

MITRE ATT&CK Enterprise v6

Tasks