Resubmissions

  • 22-02-2022 16:12    220222-tngfasahc2    10
  • 17-01-2022 15:06    220117-sg5zmsagg4    10

General

  • Target: file
  • Size: 355KB
  • Sample: 220222-tngfasahc2
  • MD5: 77ee0a32575966167eec026869c36b46
  • SHA1: 7c7900405de0819d34af623cfea64ce24fc20714
  • SHA256: 70c5158096c8344b9f41c1016211951d1834a8b9d59107fbf471054d3cf58fa2
  • SHA512: fd5a03cfe3e75bd1bde0b2cc8b198055016732c499cc400b423301407c09ee18d692b0f199d1ca06dfa984319d3f5508f6c33c81f9494153a5ad55728593a3d7

Malware Config

Extracted
  • Family: icedid
  • rsa_pubkey.plain

Extracted
  • Family: icedid
  • Botnet: 302245654
  • C2:
      imilarquestio.top
      heywanted.top
      minimike.quest
      alsohavethis.top
  • Attributes:
      auth_var: 3
      url_path: /posts/

Targets

    • Target: core.bat
    • Size: 184B
    • MD5: c540eb5e82dc4dd90cd65bc5a8580745
    • SHA1: 3c009abc357c266b1eac6cee5efde0faf69f8afd
    • SHA256: 6325c1d867acf95f2786c760ad517fefa9f213d8beb76e422f6c2fea88e5b91c
    • SHA512: 5b0f0a797d0c8c4a5f53e329ce40d5e9f608753626ca67e94cfbe0c1bcc8086c9145f8093950f8edcd69307e353dffaf30025d614778ebc4aeac66946b33c8db
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
    • Loads dropped DLL

    • Target: scan_x32.tmp
    • Size: 112KB
    • MD5: 3b89fae14077485209480f448bc6154d
    • SHA1: 0006d7bfefe42a3f1714653c1b14ad292a12baae
    • SHA256: 7338986761ad8de5fa5dabd42d85b08aa72f38fa5265840686f04d7de96a5016
    • SHA512: 8eb99ae51d2e10056061784d464b88351404b0d1272b9c1e4a2db2fba1610688d39511559af38ca24a5ea2be165017abcc7827d21525dc7fb050c6b335b03f62
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.

MITRE ATT&CK Matrix

Tasks