General

  • Target: can.dat
  • Size: 102KB
  • Sample: 220719-wrqjgsggbl
  • MD5: 6ed95de1bbb49e1a1629b5bf0946685d
  • SHA1: 0649d21ad8b3dbd87f46657321e586fb7076785f
  • SHA256: eafe0b7e096d944aa5b53ca9c134915e3d557d4963e252415c181f39f2057279
  • SHA512: 5d2ae631d6c47069a91395c42a6da2172d2ac79c5d6c70320818c3682084a6c9884c5b3092b80b1caf5a9bccf9c22a53d4281733bd76b0dd93c0871d788898d9

Malware Config

Extracted

  • Family: icedid
  • Campaign: 2745070743
  • C2: cootembrast.com

Targets


    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
