General

  • Target

    5ff1d93a205886ab217917d01686808669b1b0fa4a5c49b048d42e4e55629751

  • Size

    212KB

  • Sample

    220708-km41jabhc3

  • MD5

    e5f07f8e608942d32a95dabf91c59bc6

  • SHA1

    9c994691363c8301bdc22fb82d829e9cb827a416

  • SHA256

    5ff1d93a205886ab217917d01686808669b1b0fa4a5c49b048d42e4e55629751

  • SHA512

    46d735ebdbd600b8063a3ac9156b77dbe929d509d7fabc83b3f1d308522cfce82a023de4b4b3909333a7baabca59f90941a3545e3a66cad7b74d30621eb4af0c

Malware Config

Extracted

  • Family

    icedid

  • Botnet

    63706493

  • C2

    gelevandren.cyou

    greenflopper.best

    qassertolik.top

    wassermannshop.club

  • Attributes

    auth_var: 4

    url_path: /audio/

Extracted

  • Family

    icedid

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • IcedID Second Stage Loader

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks