General

  • Target

    inv87162.iso

  • Size

    804KB

  • Sample

    220630-x9g6habgg2

  • MD5

    8c68ce9792abd3b3b6f0b3b98aa33da9

  • SHA1

    d9687ae99c1a3b8875a02fbbddedbf15b5070156

  • SHA256

    87502ec6bc99fdad2d6092b022d35446123fd00e8ab9b5831939d32b7ba5a4de

  • SHA512

    9b9bf204083f060fecb5b4fe2198e86c4c4ba4b6cd8821ea09f2facca024d9a553106b9a5c8532040a1bc45f88d7f3ba09c069e9f52a4829d2319fb6daed9069

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    1842176049

  • C2

    carismortht.com

Targets

    • Target

      33667344.dll

    • Size

      734KB

    • MD5

      a1f7315db077f4439da7547f1157245d

    • SHA1

      adcb94e14189aacbe2486a77ef9a4026db1384b9

    • SHA256

      8b6fdabfcc653d84055464fd6d924fc931a7468fc362433569d74f65bad8e1dc

    • SHA512

      71dcb2133815f1903c31d6e720af2cefec9e77b58be000a8d359e7c682ba86862f303c74727e3dc9ebd2b30bb37d95da189aa774870d9bd24e50adad6c1a5cf4

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials and is widely used as a loader for follow-on payloads.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Target

      INV87162.txt.lnk

    • Size

      1KB

    • MD5

      eee800539317857be2814e2961f5786b

    • SHA1

      3b4031af710ea8116b7ae0c405182055b263441c

    • SHA256

      9ba435872f1ef090c6eb506fcd7c07d903b8c7a26e772e8b1046f312258f5a04

    • SHA512

      c5610f208d67274d59a391ce80f3358b3bb3c83297f34029a89c2e34f687940d1cd064abf0b41dc264fec8fbc36e61c08329896d42bdae9a765048ae2edd3cbd

    Score
    1/10
    • Target

      UFbjRkMGfw.ps1

    • Size

      59B

    • MD5

      219543beb2dbd3dd4a38133cb4cf5d62

    • SHA1

      a9f3bca1e95a8013e54a327ab471fa90f4d6fdec

    • SHA256

      ff4878fee00d54134fffa5ca90af7ec4892d7397dafe5ad8a319ab83f9b594ae

    • SHA512

      adfc8567036636ebcbd46d860eacdf55edaff7a56af5a65f0c4695fe2698fa8bc5c7afa1b75126450417516851b500bb3b8d1a1211dae279d6ef95c1621aab26

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials and is widely used as a loader for follow-on payloads.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

    • Target

      notice.txt

    • Size

      366B

    • MD5

      8054a00a327955bb34ef9d930dc19a20

    • SHA1

      7445f99b93469efb9bd5746cf5c4520f25894150

    • SHA256

      d82a953766e7951c5c49923cdd361377e17d3bb6b321416766344ceb3a6ac165

    • SHA512

      8f0359ab757551af5e8feb7857d3434fdffab0f7f9c26cefcf0fac0dc6d5e31b163aefc75252b340fe7eaeafea6677e894ef5958177680a617bde232a00a58e9

    Score
    1/10
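The artifacts above are the usual ISO lure chain: a container, a .txt.lnk double-extension shortcut, a tiny PowerShell script and the IcedID DLL. The report lists these files but does not show how the shortcut connects them, so a first analysis step is to read the .lnk itself. The following added example (not code from the report or from the sandbox) parses the ShellLinkHeader and StringData of a Windows shell link according to MS-SHLLINK and flags the lure traits an analyst checks first: a minimized window, a script-host target, execution-policy or window-style switches, and an icon borrowed from a program other than the real target. The .lnk bytes are constructed inside the block; the powershell.exe relative path and the argument string naming UFbjRkMGfw.ps1 are assumptions for illustration, since the report does not disclose the real command line of INV87162.txt.lnk.

```python
"""Parse a Windows shell link (.lnk) header and StringData per MS-SHLLINK and
flag the traits of a lure shortcut. Added example: the LNK below is constructed
here and is NOT the INV87162.txt.lnk from the report."""
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")   # 00021401-0000-0000-C000-000000000046
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
SW_SHOWMINNOACTIVE = 7          # ShowCommand that opens the target minimized
# StringData fields appear in this fixed order, each present only if its flag is set.
STRING_DATA = [(HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
               (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
               (HAS_ICON_LOCATION, "icon_location")]
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "rundll32.exe", "regsvr32.exe"}
EVASIVE_ARGS = ("-w hidden", "-windowstyle hidden", "-ep bypass",
                "-executionpolicy bypass", "-nop", "-enc")


def parse_lnk(data: bytes) -> dict:
    """Return header fields plus every StringData string the flags say is present."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags, attrs = struct.unpack_from("<II", data, 20)
    file_size, icon_index, show_cmd = struct.unpack_from("<IiI", data, 52)
    info = {"flags": flags, "file_attributes": attrs, "file_size": file_size,
            "icon_index": icon_index, "show_command": show_cmd}
    pos = 76                                      # end of the fixed ShellLinkHeader
    if flags & HAS_LINK_TARGET_ID_LIST:           # uint16 IDListSize, then the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                     # uint32 LinkInfoSize includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    for flag, key in STRING_DATA:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, not bytes
        pos += 2
        raw = data[pos:pos + count * (2 if unicode else 1)]
        pos += len(raw)
        info[key] = raw.decode("utf-16-le" if unicode else "cp1252")
    return info


def assess(info: dict) -> list:
    """Lure heuristics: minimized window, script-host target, evasive switches,
    and an icon borrowed from a program other than the real target."""
    findings = []
    target_exe = info.get("relative_path", "").lower().rsplit("\\", 1)[-1]
    icon_exe = info.get("icon_location", "").lower().rsplit("\\", 1)[-1]
    args = info.get("arguments", "").lower()
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("opens target minimized (SW_SHOWMINNOACTIVE)")
    if target_exe in SCRIPT_HOSTS:
        findings.append(f"target is a script/command host: {target_exe}")
    findings += [f"evasive argument: {tok}" for tok in EVASIVE_ARGS if tok in args]
    if icon_exe and target_exe and icon_exe != target_exe:
        findings.append(f"icon masquerade: icon from {icon_exe}, target is {target_exe}")
    return findings


def build_lnk(relative_path, arguments, working_dir, icon_location, show_command) -> bytes:
    """Construct a minimal Unicode LNK that carries only StringData (test vector)."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | HAS_ICON_LOCATION | IS_UNICODE
    header = struct.pack("<I16sII", 0x4C, LNK_CLSID, flags, 0x20)     # FILE_ATTRIBUTE_ARCHIVE
    header += b"\x00" * 24                                             # three zero FILETIMEs
    header += struct.pack("<IiIHHII", 0, 0, show_command, 0, 0, 0, 0)  # FileSize .. Reserved3
    body = b""
    for s in (relative_path, working_dir, arguments, icon_location):   # StringData order
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


# Constructed sample. The powershell.exe path and the argument string are
# assumptions for illustration; the report does not show the real LNK's command line.
SAMPLE_LNK = build_lnk(
    relative_path=r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    arguments="-ep bypass -w hidden -file UFbjRkMGfw.ps1",
    working_dir=".",
    icon_location=r"%SystemRoot%\System32\notepad.exe",
    show_command=SW_SHOWMINNOACTIVE,
)

if __name__ == "__main__":
    parsed = parse_lnk(SAMPLE_LNK)
    for key, value in parsed.items():
        print(f"{key}: {value}")
    for finding in assess(parsed):
        print("!", finding)
```

Run it against a real shortcut with `parse_lnk(open("INV87162.txt.lnk", "rb").read())`; the parser skips LinkTargetIDList and LinkInfo by their declared sizes, so it works on ordinary shortcuts as well as the stripped-down test vector. The icon check is a heuristic: a legitimate shortcut may point its icon at a .dll, so treat that finding as a prompt to look, not a verdict.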