General

  • Target: Desktop.zip
  • Size: 42KB
  • Sample: 220719-va138afdg5
  • MD5: ecfb58e806369c9b3ab45efc2494dfbc
  • SHA1: 12971f7e9e531b9c84cde2a2222b88b24dc07bcf
  • SHA256: 155905af58052a02721d8b0947798790a03e6256d4c8ad1ba7344f5d62126b3e
  • SHA512: 6509fb44335781a6ff7ae7f9d6a1e8545d8d6c234e8ff83c6a163ed195e0605a7b760c03c694c46fc0f2d6f087dc186c6c03f0e8778e38efec3cfefcf8f47118

Malware Config

Extracted

  • Family: icedid
  • Campaign: 2937671378
  • C2: cootembrast.com

Targets

  • Target: documents.lnk

    Size: 1KB
    MD5: af95728369b85b93607b3e964645a966
    SHA1: c4bcd5529abe4b9ca1a256ba2268951686121aa0
    SHA256: ba7c6a42b7a89b3ea12cd03c85d8e5d1d560101e688734cdec156155c4810f8e
    SHA512: a955fe893872920cdaa0f7c498b87f142c9fd76aecaa5395248f5a209a9ba4a5d0fb9c901a5a3f1378505178fb848bef08da1ec6cff23f11638eb24c979a0615

      • IcedID, BokBot

        IcedID is a banking trojan capable of stealing credentials.

      • Blocklisted process makes network request

      • Checks computer location settings

        Looks up the country code configured in the registry, likely used for geofencing.

  • Target: pg5rto.dll

    Size: 96KB
    MD5: 0fdcea20cb8eadebf91415a52c718ae2
    SHA1: 372cb211573d60b5cce3a957898ffa8b16e0f7a9
    SHA256: ad788ccefcaf826b54ea29499569f8ba092af7cd40fc7768d0b96d73ced95475
    SHA512: 1a15f81d0e0ac5497a5903bf71f724bdddfb1443671d0cc892f836f5afdfed530453377a90ac1c5c0293cc40ed098e982bc4eaea1d1781427708e4cdf61b1b44

      • IcedID, BokBot

        IcedID is a banking trojan capable of stealing credentials.

      • Blocklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks