General

  • Target

    werfault.exe

  • Size

    2.9MB

  • Sample

    220523-v5zhwaccdn

  • MD5

    8970a3db9f39923a4ef16fb39cd8acc5

  • SHA1

    caaca63a223df4aa52e37850cad18274aab9cb96

  • SHA256

    1e3d10c3c84d7617692174a1f9ae8a658eabb22c7122ef1c8f37f35641ccf7aa

  • SHA512

    5f3f7449c79d1f7ca75940366fb5abc8d30fd6a336431ad1a47c4530a64cb93bbf4d7ccbcb22756f04971e2d8cd987d5acc7bdb32cbb16ec3b15b49eef5309bb

Malware Config

Extracted

Family

icedid

Campaign

3826577017

C2

pilatylu.com

Targets

    • Target

      werfault.exe

    • Size

      2.9MB

    • MD5

      8970a3db9f39923a4ef16fb39cd8acc5

    • SHA1

      caaca63a223df4aa52e37850cad18274aab9cb96

    • SHA256

      1e3d10c3c84d7617692174a1f9ae8a658eabb22c7122ef1c8f37f35641ccf7aa

    • SHA512

      5f3f7449c79d1f7ca75940366fb5abc8d30fd6a336431ad1a47c4530a64cb93bbf4d7ccbcb22756f04971e2d8cd987d5acc7bdb32cbb16ec3b15b49eef5309bb

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

MITRE ATT&CK Matrix

Tasks