Resubmissions

08-02-2022 15:50

220208-s9ye9saaf5 10

08-02-2022 14:47

220208-r5vyxahcbn 10

General

  • Target

    1909a177d8f646c0993e5e58347e1a0b39b71dc45ad4ae49faa631683c18a3e6

  • Size

    615KB

  • Sample

    220208-r5vyxahcbn

  • MD5

    3bfef2a13f7cbbe2c872bef76adb676b

  • SHA1

    dd972d20477223b75ffddf0b2e65b533a431aa14

  • SHA256

    1909a177d8f646c0993e5e58347e1a0b39b71dc45ad4ae49faa631683c18a3e6

  • SHA512

    5ef53f6cc283f38212c4818576bcaaee80518fc383639b4051e498778f60e1751be09c2738b4e8b9a21620a047e5e916e4effd7f48d1035779b35d9ae1a1e543

Malware Config

Extracted

Family

icedid

Campaign

1732687004

C2

keepfootbal.com

Targets

    • IcedID, BokBot

      IcedID, also tracked as BokBot, is a modular banking trojan that steals credentials and is also used as a loader for follow-on payloads.

    • suricata: ET MALWARE Win32/IcedID Request Cookie
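The report gives three things a defender can act on: the C2 domain and campaign ID from the extracted config, the sample hashes, and a Suricata hit on the IcedID request-cookie pattern. The script below is an added example, not part of the sandbox report, that turns those into a small hunt over proxy log lines. The indicators come from the report; the cookie-name heuristic (IcedID's first-stage check-in packing victim data into the __gads, _gat, _ga, _u, __io and _gid cookies, which is what the ET "Request Cookie" rule keys on) is the publicly described behaviour and is an assumption here, as is the log format, which is constructed for the example and is not any real product's format.

```python
import re
from dataclasses import dataclass

# Indicators taken from the report above.
C2_DOMAIN = "keepfootbal.com"
CAMPAIGN_ID = 1732687004  # campaign/project ID from the extracted config
SAMPLE_HASHES = {
    "md5": "3bfef2a13f7cbbe2c872bef76adb676b",
    "sha1": "dd972d20477223b75ffddf0b2e65b533a431aa14",
    "sha256": "1909a177d8f646c0993e5e58347e1a0b39b71dc45ad4ae49faa631683c18a3e6",
}

# ASSUMPTION (not on the page): the IcedID first-stage check-in is a GET whose
# Cookie header carries victim data under these six names; the ET "Request
# Cookie" rule keys on that shape. Matching on the set of names, not the
# values, keeps the check stable across campaigns.
ICEDID_COOKIE_FIELDS = frozenset({"__gads", "_gat", "_ga", "_u", "__io", "_gid"})

# Constructed log format for this example (not a real product's format):
#   <timestamp> <client-ip> <method> <url> "<Cookie header, or - if none>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "(?P<cookie>[^"]*)"$'
)
HOST_RE = re.compile(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", re.I)


@dataclass(frozen=True)
class Hit:
    line_no: int
    client: str
    reasons: tuple  # e.g. ("c2-domain", "icedid-cookie-beacon")


def parse_cookie(header: str) -> dict:
    """Split 'a=1; b=2' into {'a': '1', 'b': '2'}; bare tokens are ignored."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def cookie_matches_icedid(header: str) -> bool:
    """True if every IcedID check-in cookie name is present in the header."""
    return ICEDID_COOKIE_FIELDS.issubset(parse_cookie(header))


def host_of(url: str) -> str:
    m = HOST_RE.match(url)
    return m.group(1).lower() if m else ""


def is_c2_host(host: str) -> bool:
    """Match the C2 domain itself and any subdomain of it."""
    return host == C2_DOMAIN or host.endswith("." + C2_DOMAIN)


def is_known_sample(digest: str) -> bool:
    """True if an MD5/SHA1/SHA256 hex digest is the sample from this report."""
    return digest.strip().lower() in SAMPLE_HASHES.values()


def hunt(lines) -> list:
    """Return a Hit for every log line that touches the C2 or looks like a beacon."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count these
        reasons = []
        if is_c2_host(host_of(m["url"])):
            reasons.append("c2-domain")
        if m["cookie"] != "-" and cookie_matches_icedid(m["cookie"]):
            reasons.append("icedid-cookie-beacon")
        if reasons:
            hits.append(Hit(n, m["client"], tuple(reasons)))
    return hits


# Constructed sample log (not real traffic): one benign request, the check-in
# to the report's C2, the same beacon shape sent to a host on no list yet, and
# a cookie-less fetch from a subdomain of the C2.
BEACON_COOKIE = (
    "__gads=2222220001:1:16:111; _gat=10.0.0.5; _ga=1.591594.1635208534.76; "
    "_u=4445534B544F502D3132333435; __io=21_3273433035_1151155; _gid=00000001"
)
SAMPLE_LOG = [
    '2022-02-08T14:47:01Z 10.0.0.5 GET https://www.google.com/ "NID=511=abc"',
    f'2022-02-08T14:47:10Z 10.0.0.5 GET http://keepfootbal.com/ "{BEACON_COOKIE}"',
    f'2022-02-08T15:02:33Z 10.0.0.9 GET http://unknown-host.example/ "{BEACON_COOKIE}"',
    '2022-02-08T15:03:05Z 10.0.0.9 GET http://cdn.keepfootbal.com/update.bin "-"',
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.client} -> {', '.join(hit.reasons)}")
```

The third sample line is the reason to keep the cookie heuristic next to the domain match: the same beacon shape aimed at a host that is not on any list yet is still flagged, which is what the Suricata rule buys you over a plain IOC lookup. The domain check deliberately includes subdomains, since a bare string-equality match would miss the fourth line.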

MITRE ATT&CK Enterprise v6

Tasks