Resubmissions

19/07/2022, 17:45

220719-wbxmvsgegj 10

General

  • Target

    invoiceThemedZips_20220719.zip

  • Size

    128KB

  • Sample

    220719-wbxmvsgegj

  • MD5

    c76da9e80c55473b7d8ab5154e1da511

  • SHA1

    60afbe8add6dedb197b0e94a3aa2c2d1eebc1163

  • SHA256

    bb06c4d1a5161b7c0b34d879b60e20043dcf0f27f7a67585f50837c3b6c4daeb

  • SHA512

    6514cd5d3d608cc4c75994c27880cd529301c8314d098d4d5236332bd6ecd3d607419c55f18a6ea2d085161b359b3d09c10322ce45300386582e2621e1998230

Malware Config

Extracted

Family

icedid

Campaign

2745070743

C2

cootembrast.com

Targets

    • Target

      Unpaid_order-.lnk

    • Size

      1KB

    • MD5

      870e1e809fda72a052e80e5db50869c2

    • SHA1

      31757fafa34604d877cf5964946b601cc2080178

    • SHA256

      814a6fd152912d3954d4acaab76fd982338f3c1a84ff5651de718cc82b402421

    • SHA512

      c06d3235b884edef137b694c88427842e88f2612002ce7ef06d661b658e6e231ea0d6e85d2a0eb43ef999feb3eaf0b5d735af2b217213bf95fb637ff1b6ce548

    • Score

      3/10

    • Target

      by/could.dat

    • Size

      102KB

    • MD5

      ad0436f20e1ecd7fdf9b4d147d8db2da

    • SHA1

      3cf1ddd0da127677149ffb5bfef19193e1f91b3f

    • SHA256

      b6d3b7cb6f70a03a54ad1b96149d5e2bea7606392e4f951c3e9b9490065c611f

    • SHA512

      0c3a093282be98c579d9534ad47853ccf490ea715dade11aaef288c90a52aae84e1d25b7b61f39c925e311c6a03e7a5845f446f4ecf26f54890ba53a4321a50e

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Target

      by/get.txt

    • Size

      142KB

    • MD5

      801c4a4d4c2ace9a20fb7e9cbb04bd51

    • SHA1

      f6c1c3989be85af1fc177c9ba16d6f1d6888c2c9

    • SHA256

      ea914ff766135cdbd18c7cf850d2c5f2b309954f335d063d2c2b4947debedb87

    • SHA512

      bc0425b26e7b68e23b4ac8ba630c3ace1997dfcb31a9c207844461b18eafb389b2b2494ff9161372c5df3bceb3c1a2246ab08cae1a27902389e167d877ad48eb

    • Score

      1/10

    • Target

      by/worker.cmd

    • Size

      35B

    • MD5

      a855acbe9d85a079c486f81d830f959f

    • SHA1

      54b3b73b737ab2288ae3e0d0c18a709776a1e4fa

    • SHA256

      3df84d584e0f2985b385af94990b1929ac1d78add2917879bd80067ce81367c0

    • SHA512

      8c09dd5667c2c18e26f0fce146bed2d93905f3c7558eb3304068e31b5ccab60471463d6d6f7cb473e4f3cbcf28e096cc4291e57ab630fcfdd1f7c01b19dfbcac

    • Score

      1/10

    • Target

      by/worker.js

    • Size

      595B

    • MD5

      d88d6e139225ad1827ad0a90cfcde6ad

    • SHA1

      3639a15444a6a9eb8a1296bb216cf908c96c7648

    • SHA256

      0563835d2f039018858b9a89c96bff1bec8450aa75e7b99c6b6b5f471f2b97d4

    • SHA512

      83df96b3f7cbcae480f2e7667c7a25ab609d38f991192ca37eb9458115e379578740b02d4d26839ef03bc1d9812d0bbc3e1ecef46979873428c5377abba07e0d

    • Score

      1/10

    • Target

      by/would.txt

    • Size

      209KB

    • MD5

      46547298ca647ba5b9de65294d5fb4bd

    • SHA1

      0a6179ecee425998fe620c17c639792209598f42

    • SHA256

      2cafb04a89534a075c789c8fa150b87ac168ca3efd75f1099ab5d3e8bb01ba68

    • SHA512

      6d7c809bb26263a2dd2171d591ebce010c3f086d4fc2b264fede77a73d244c054601508787554899d85ae581d94e584e5ccba1953780d669f1cef310b4694104

    • Score

      1/10

MITRE ATT&CK Enterprise v6

Tasks