General

  • Target

    tmp

  • Size

    2.1MB

  • Sample

    220413-vv5xxadhfq

  • MD5

    c52150ad226963a07cfc144d9cea73c7

  • SHA1

    235912e865829ae7b9196fc4a1df4dfe8123dcfb

  • SHA256

    ac1d19c5942946f9eee6bc748dee032b97eb3ec3e4bb64fead3e5ac101fb1bc8

  • SHA512

    43ae77c0e0c94e7b9525906dae115497c7dd49afabccd64d37b224e75931b09bff8dedf81a9cd3bf9454f75e4a67c4355f19dd8bcbe25b8b06eee32f2240a7cc

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2352744503

  • C2

    rivertimad.com

Targets

    • Target

      tmp

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a modular banking trojan, first reported in 2017, that steals credentials through browser injection and is also used as a loader for follow-on payloads such as ransomware.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • IcedID First Stage Loader
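
The following is an added example, not code from the sandbox report or from the Triage platform. It turns the report's indicators into two checks a responder would actually run: a hash comparison against the listed sample digests, and a classifier over HTTP request headers that flags traffic to the extracted C2 domain and the cookie shape the ET "Win32/IcedID Request Cookie" signature keys on. The cookie key set (__gads, _gat, _ga, _u, __io, _gid) comes from public reporting on the IcedID first-stage loader and is an assumption for this particular sample; the HTTP requests are constructed for the demo, not captured traffic.

```python
import hashlib
from typing import Dict, List

# Indicators copied from the report: sample hashes and the extracted config.
REPORT_HASHES = {
    "md5": "c52150ad226963a07cfc144d9cea73c7",
    "sha1": "235912e865829ae7b9196fc4a1df4dfe8123dcfb",
    "sha256": "ac1d19c5942946f9eee6bc748dee032b97eb3ec3e4bb64fead3e5ac101fb1bc8",
    "sha512": "43ae77c0e0c94e7b9525906dae115497c7dd49afabccd64d37b224e75931b09bff8dedf81a9cd3bf9454f75e4a67c4355f19dd8bcbe25b8b06eee32f2240a7cc",
}
C2_DOMAINS = {"rivertimad.com"}

# Cookie names the IcedID first-stage loader sets on its check-in request
# (public reporting; assumed to apply to this sample, not taken from the report).
ICEDID_COOKIE_KEYS = frozenset({"__gads", "_gat", "_ga", "_u", "__io", "_gid"})


def data_hashes(data: bytes) -> Dict[str, str]:
    """Hash a buffer with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def is_report_sample(data: bytes) -> bool:
    """True only if all four digests match; one mismatch is enough to reject."""
    return data_hashes(data) == REPORT_HASHES


def parse_http_request(raw: str) -> Dict[str, object]:
    """Split a raw HTTP/1.1 request head into request line, host and cookie dict."""
    head, _, _ = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    cookies: Dict[str, str] = {}
    for part in headers.get("cookie", "").split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            cookies[key.strip()] = value.strip()
    # Drop any :port suffix so "rivertimad.com:80" still matches the IOC.
    host = headers.get("host", "").lower().split(":")[0]
    return {"request_line": lines[0], "host": host, "cookies": cookies}


def classify_request(raw: str) -> List[str]:
    """Return the indicator names that fire on one request, in a fixed order."""
    req = parse_http_request(raw)
    hits: List[str] = []
    if req["host"] in C2_DOMAINS:
        hits.append("c2_domain")
    # Ordinary Google Analytics traffic carries _ga/_gid alone; the loader
    # sends the full six-key set, so require all of them to avoid false positives.
    if ICEDID_COOKIE_KEYS.issubset(req["cookies"]):
        hits.append("icedid_cookie")
    return hits


# Constructed requests for the demo (not captured from the sample).
SAMPLE_REQUESTS = [
    "GET / HTTP/1.1\r\nHost: rivertimad.com\r\n"
    "Cookie: __gads=abcd1234; _gat=10; _ga=1.2.1234.5678; _u=4142434445; "
    "__io=21_123_456_789; _gid=aa11bb22\r\nConnection: close\r\n\r\n",
    "GET /index.html HTTP/1.1\r\nHost: example.org\r\n"
    "Cookie: _ga=GA1.2.1; _gid=GA1.2.2\r\n\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLE_REQUESTS:
        req = parse_http_request(raw)
        print(req["host"], classify_request(raw))
    print("is report sample:", is_report_sample(b"not the sample"))
```

To check a file on disk, read it in binary mode and pass the bytes to is_report_sample(); comparing all four digests rather than just MD5 removes any concern about collisions in the weaker algorithms.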
