test.zip

General
Target: test.zip
Size: 323KB
Sample: 220513-p6a9safeg7
Score: 10/10
MD5: 2c369fe2ef9455e0333644eb123394ee
SHA1: c9174b87b0d5cd99e3540a5aef4c71c26b5b9c3e
SHA256: 34948d0d4911eca35482764310f560be97ca33ebce759a479f7733c10c86dd8b
SHA512: d886e4b416fb8a6b9da7df9d299fa9a1b243e2027f0bd600f201fa9158e5d595eddd4f1fab9f0b6e805cee32ba1b8ea4a5d905640fc3769e20cd654caac47a20

Malware Config (Extracted)
Family: icedid
Campaign: 3000901376
C2: yolneanz.com

Targets
Target: cmd.bat
Filesize: 69B
Score: 10/10
MD5: 5e9549ff24e0488d40f20979c9e9c6e4
SHA1: 271430ffb14345fd1ed91d8339b60103979de8e6
SHA256: 2465269b1d190d38aa49ed7d70429f7d5bb2688806f932d69ae43d3a58f7854b
SHA512: 963ec4155f664a14f36690a2846ccdac42d62401e3397582cbe1022152e033a9e118e5af2d4618181b6fc974659e980c4894b6d5305ae925c604969905459840

Signatures

  • IcedID, BokBot
    Description: IcedID is a banking trojan capable of stealing credentials.

  • suricata: ET MALWARE Win32/IcedID Request Cookie

  • Blocklisted process makes network request

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation