General

  • Target

    8e5b7c76ad5c02bbf42f0918400138f60a578f42c63ad26bb56ff5311478e867

  • Size

    135KB

  • Sample

    220521-awgaqaahb5

  • MD5

    17a032f1bc160b9e14e8f8de24c60e1c

  • SHA1

    66f75de88d8fbef7a32f2aade9da8fc0d38255ce

  • SHA256

    8e5b7c76ad5c02bbf42f0918400138f60a578f42c63ad26bb56ff5311478e867

  • SHA512

    29715f4decb051489f158f3e0350753a464d536bcce7f34983714abef98ba5ff938477a33c2a8c869c50fb153dea90ddd0fdd740591b685b8e0a745173cd8c9b

Malware Config

Extracted

Family

icedid

C2

ldrfeelings.casa

Targets

    • Target

      8e5b7c76ad5c02bbf42f0918400138f60a578f42c63ad26bb56ff5311478e867

    • Size

      135KB

    • MD5

      17a032f1bc160b9e14e8f8de24c60e1c

    • SHA1

      66f75de88d8fbef7a32f2aade9da8fc0d38255ce

    • SHA256

      8e5b7c76ad5c02bbf42f0918400138f60a578f42c63ad26bb56ff5311478e867

    • SHA512

      29715f4decb051489f158f3e0350753a464d536bcce7f34983714abef98ba5ff938477a33c2a8c869c50fb153dea90ddd0fdd740591b685b8e0a745173cd8c9b

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • IcedID First Stage Loader

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation