General

  • Target

    8d7bcddb8007aa54b2ddff053f4c489ae73e7bd3184123b248ef25d3867eeeca

  • Size

    178KB

  • Sample

    220419-gwpqesbhf9

  • MD5

    95b63bf508b8dcac6e045adec3dac2f2

  • SHA1

    03e29ee2785cc4540adc5676e459d398e2044a5d

  • SHA256

    8d7bcddb8007aa54b2ddff053f4c489ae73e7bd3184123b248ef25d3867eeeca

  • SHA512

    795ca2a1e7d71bc0c9576fd27cb56117ec9ecff3055578de799333748072a20778bac9757c92b40d85a5a98875a9b1769f7a9d4a9c37f06beca4d9289697fdda

Malware Config

Extracted

Family

icedid

C2

gekatolic.top

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • IcedID First Stage Loader

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Install Root Certificate (T1130): 1

  • Modify Registry (T1112): 1

Tasks