General

  • Target

    tmp

  • Size

    699KB

  • Sample

    220223-1wed8sbde2

  • MD5

    4b71805d51193b0dbe39321475ba41ed

  • SHA1

    2c69d33ee6cad5557f088f205f7c031b5d7d003c

  • SHA256

    a98112f55dfd1fe971be934510d681e30fad6bc0edd9b4ba5c888f0080a5ed68

  • SHA512

    9f882d0a3117c9b530bdcea67b36601a26024cfa0d505cfa0e06c4a2b675751ad453f220329b1cc8171fedfb576d73d58d8e13e726af08344307a257d078c608

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2715004312

  • C2

    badgoodreason.com

Targets

    • Target

      tmp


    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • IcedID First Stage Loader

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Install Root Certificate (T1130): 1

    Modify Registry (T1112): 1

Tasks