General

  • Target

    7737096156.zip

  • Size

    128KB

  • Sample

    220719-yvpgpsbgdk

  • MD5

    468ebf273dd7018672027ca30b2910b1

  • SHA1

    991601b055a6886f820487de0d3aa2492cccb98c

  • SHA256

    7ef4bf3d02183fe1ccf354e6609d0a30f26fcec0004f04bd49f9e883bb19f7b4

  • SHA512

    6f7e9ff31c15502b4369e657ab462f6b1dd54230813ef9f65299d81955ae2a95e2905ac2b8ddfd519f820ebd3744100261c14a886bda2e1053163f94d2590313

Malware Config

Extracted

Family

icedid

Campaign

2745070743

C2

cootembrast.com

Targets

    • Target

      fac078655a3f20ac3d4f4119c0b6b1ad25b3fa4de49c7b30dac9f1fac7a47853

    • Size

      252KB

    • MD5

      27f2598140a3c631e7a0ef5856fc9d3d

    • SHA1

      2b01f21a1e6d16b74db339c4e4fed4bf17ee6efc

    • SHA256

      fac078655a3f20ac3d4f4119c0b6b1ad25b3fa4de49c7b30dac9f1fac7a47853

    • SHA512

      68ba0478178ca93695131a420d3e9d7fff16f27ebcfe8854a05fb8088ea9116664e40158f3f1adde9d04532ca349d68ed16d5051cefd750ea9e7abeb7c54f3d3

    • Score

      3/10

    • Target

      Unpaid_order-.lnk

    • Size

      1KB

    • MD5

      57083b6f777f5fc405998dfba18c96b2

    • SHA1

      887f9327f85c467bed14509392347b1d252a4e76

    • SHA256

      6cf647ad3e7c980e024ae6fa58cf2081977124c7f3933b18954a70f8e59a7331

    • SHA512

      9a987f3a2ee5bb88c180a6a2fe55d57b0a5c0ca4dcc3df144fef5d7bed376f4e4f0afde52a3448cae2b476a2ebf2ceab249bc7338080770c65aae60202392bc0

    • Score

      3/10

    • Target

      would/with.dat

    • Size

      102KB

    • MD5

      6ed95de1bbb49e1a1629b5bf0946685d

    • SHA1

      0649d21ad8b3dbd87f46657321e586fb7076785f

    • SHA256

      eafe0b7e096d944aa5b53ca9c134915e3d557d4963e252415c181f39f2057279

    • SHA512

      5d2ae631d6c47069a91395c42a6da2172d2ac79c5d6c70320818c3682084a6c9884c5b3092b80b1caf5a9bccf9c22a53d4281733bd76b0dd93c0871d788898d9

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Target

      would/worker.cmd

    • Size

      38B

    • MD5

      4dfc194be090d7f0374d83d6fe7132ce

    • SHA1

      8e9fe8acc3925344cdd574af749959ed45b549d8

    • SHA256

      47027d0855077414e00142d7041140db86bf67dc49b38564dde7b16af1ffca76

    • SHA512

      1d60940fccfbd0f649c078d0a2094bc8be7eb592f118fc0591d07f57bfc959ef08a51607bb1ca1f16fe16b52e639e9b043cf74d72d0b390cc27bb5ed862682f8

    • Score

      1/10

    • Target

      would/worker.js

    • Size

      597B

    • MD5

      0f7953fa835ed01c52e43fc5adcdc82f

    • SHA1

      9aa18d66d3e28260065899b0771a4612d00be192

    • SHA256

      8167ea65b66c76dc7093793d1f018ac8743c0ce697c6f914110aa3ac138f62a0

    • SHA512

      808235dba8c4dd42057d067ade149d003cda406bc5fa46768d3bdc04537235a0175df1bd2357bf85f1af750a82329f050edc6ea68fadaee6c10f3edd8d60414a

    • Score

      1/10

MITRE ATT&CK Enterprise v6

Tasks