General

  • Target

    12b4d0ba2fdc1f7af5a838e028eea3305a8d067776044c82b02997bec4ea3090

  • Size

    82KB

  • Sample

    220523-1bnr6scdcr

  • MD5

    83b5eb867110403cc72819463a807b73

  • SHA1

    efc2f8f7584a633103aa568600b977312ecb9dd7

  • SHA256

    12b4d0ba2fdc1f7af5a838e028eea3305a8d067776044c82b02997bec4ea3090

  • SHA512

    2379e8543022691b67cddb4a2d571c06d949dd6638f72c3569f52908a1449a42aca11ad7a3afa0b3bf884ee64dee388744db87f29a238c6d4ffac7f135f34844

Malware Config

Extracted

Family

icedid

Botnet

2794990697

C2

sheaffic.org

memphase.com

vulcate.com

sheaffic.com

eurobable.com

Attributes
  • auth_var

    1

  • url_path

    /index.php

Extracted

Family

icedid

Targets

    • Target

      12b4d0ba2fdc1f7af5a838e028eea3305a8d067776044c82b02997bec4ea3090

    • Size

      82KB

    • MD5

      83b5eb867110403cc72819463a807b73

    • SHA1

      efc2f8f7584a633103aa568600b977312ecb9dd7

    • SHA256

      12b4d0ba2fdc1f7af5a838e028eea3305a8d067776044c82b02997bec4ea3090

    • SHA512

      2379e8543022691b67cddb4a2d571c06d949dd6638f72c3569f52908a1449a42aca11ad7a3afa0b3bf884ee64dee388744db87f29a238c6d4ffac7f135f34844

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • IcedID Second Stage Loader

MITRE ATT&CK Matrix

Tasks