General

  • Target: 48fd13b164c2d78b4958b631508a21669c12b52cff9eeca171e40d1b65836cbb
  • Size: 444KB
  • Sample: 220510-wcpnmsgdfr
  • MD5: b2376e9758c3894d917d90501a628aeb
  • SHA1: a6b63142de59bd8074a7fb2839e1dfaf80efea20
  • SHA256: 48fd13b164c2d78b4958b631508a21669c12b52cff9eeca171e40d1b65836cbb
  • SHA512: 75adedd0a416ecee091f1f03c8c8994c2f01b710a81cbb159902ed129993200ba69c126c7822c55608f7505d1ff2b292278cf3e785fba01bd31b1fe50da12fac

Malware Config

Extracted

  • Family: icedid
  • Botnet: 3956128845
  • C2
    • youandtherest.cyou
    • pleasurepopug.cyou
  • Attributes
    • auth_var: 3
    • url_path: /audio/

Targets

  • Target: 48fd13b164c2d78b4958b631508a21669c12b52cff9eeca171e40d1b65836cbb
  • Size: 444KB
  • MD5: b2376e9758c3894d917d90501a628aeb
  • SHA1: a6b63142de59bd8074a7fb2839e1dfaf80efea20
  • SHA256: 48fd13b164c2d78b4958b631508a21669c12b52cff9eeca171e40d1b65836cbb
  • SHA512: 75adedd0a416ecee091f1f03c8c8994c2f01b710a81cbb159902ed129993200ba69c126c7822c55608f7505d1ff2b292278cf3e785fba01bd31b1fe50da12fac
  • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
  • IcedID Second Stage Loader
