General

  • Target

    file-130722.1464.iso

  • Size

    3.0MB

  • Sample

    220718-hpsn6sbcgm

  • MD5

    61554f3c081cc8a598a47ec2bda60ffc

  • SHA1

    b945c5d27296e210f430aa72a71829e5dbdb7bbf

  • SHA256

    b85a883b3b21e4f7dfe3311a3be4686f881fc2dddd177f5703123fa13ea01cff

  • SHA512

    7792467eac58fe9ac763f3ea38266bed7d36c253c5ddcefcfa93d42e5915d3d633fd094e805283306c22c57633654f2390d6cc21e55272906e0e35b771ff5bec

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    294489237

  • C2

    alldogsedag.com

Targets

    • Target

      VNXdz2Gs.dll

    • Size

      56KB

    • MD5

      dd5afccc2179838bf0a0b4900de45ec4

    • SHA1

      8f8e2f1c289a896dfccebb0eaa6b46de190682aa

    • SHA256

      f09f832b797e71224bc05637a12527b9fc9c04147a70a6778f8aff2538a1b2b4

    • SHA512

      9706ddd49f4ea568c8002c0a2a63f9529945abaacca7add454ddbe15af238f32a8479fb280b8fa28be844fe97539bc2dc511ad1086ba94c1cf95302034172d23

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

    • Target

      file-130722.1464.png.lnk

    • Size

      1KB

    • MD5

      2312f38d6a5a49a2b24f70fe6bbd983d

    • SHA1

      e7f642a3972583d81ed9e64a01895fa4d64f8b53

    • SHA256

      30e7b2bf2df763da04179d02298876f72b67ef8a000cea237787a86500ff9fca

    • SHA512

      520e856dfee2a80dacf52616a887fa5ffe68b3d905d2fb1900739fdf4d7a8599aa5614b108cea5edd3060a324a3cb6f1877e54d5493a6b0d4ff6bb769ed95155

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Enterprise v6

Tasks