General

  • Target

    iso.zip

  • Size

    79KB

  • Sample

    220720-kabhfseahm

  • MD5

    481b88191f388c5490525aa97117425e

  • SHA1

    dcbeb000a62e8e52f54c6c8f229897c558710799

  • SHA256

    a8faaeab28b3a80dd9a2aedda26a6b2c41a9c582de2fd091f34b3bb371bdd4b0

  • SHA512

    b196a87a795fc9b302c0efc2ad9bc5703cf2488b57539b74c7ef654b5bf80ecdc0c5a430238b26fd9c977d1084e0377a6feaebe2118730869415f630a880fce2

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    1094353980

  • C2

    aftersunicox.com

Targets

    • Target

      iso/am1lo4.dll

    • Size

      147KB

    • MD5

      e41d5bf7f1bfd5d67bcf6f2107c35272

    • SHA1

      1b2e54ea1a221e1bb2ccc85091d27725c1d0444e

    • SHA256

      71591ddc02eadac622c577be5d5e8c714904d7a96c7eb4e2609c4ff76ee10f86

    • SHA512

      a84f24df490325b222dc3ac0f5b7d2df9458f5f67e458e25abf083e6c5e337396a18dcb23ef03d6508189a8fd8d258879ed890f03cc21ed6d52efdc002641468

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Target

      iso/documents.lnk

    • Size

      1KB

    • MD5

      8b6854e62af721babbb0a3770fe4e4f8

    • SHA1

      0358318460abb60d09bef967408870b805cac041

    • SHA256

      f6be0f739a1130aa6f0155b890038a8857da52e79471bf337384662470bd6d9e

    • SHA512

      338c786fba164c8a626b66ccde4e04b3ee06c7abaef0ad34b3034a4e71852619ddd37aa5ba96f6ef20ddf3133b787c750fde0d3db0e6ac604de2fe354b4921ba

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.
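
The first thing an analyst wants from iso/documents.lnk is the command line it launches, since in this ISO-plus-shortcut lure the .lnk is what hands execution to am1lo4.dll. The following is an added example, not code or data from this report: a minimal parser for the Shell Link (.lnk) format as laid out in MS-SHLLINK, plus a heuristic for the rundll32/regsvr32-at-a-DLL pattern. The shortcut built at the bottom is constructed for the demonstration; the real arguments inside documents.lnk are not shown on this page, so the rundll32 command line and the "#1" export are assumptions.

```python
# Added example (not from the report): parse a Shell Link (.lnk) file and
# recover what it launches. Field layout follows MS-SHLLINK; the sample
# shortcut built at the bottom is constructed here, and its rundll32 command
# line is an assumption, not the real content of documents.lnk.
import struct
import uuid

SHELL_LINK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1) that decide which optional structures follow.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData items appear in this fixed order, each only if its flag is set.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def _read_string(data, offset, is_unicode):
    """One StringData item: uint16 CountCharacters, then the characters (no NUL)."""
    (count,) = struct.unpack_from("<H", data, offset)
    offset += 2
    width = 2 if is_unicode else 1
    raw = data[offset:offset + count * width]
    if len(raw) != count * width:
        raise ValueError("truncated StringData")
    text = raw.decode("utf-16-le" if is_unicode else "cp1252")
    return text, offset + count * width


def parse_lnk(data):
    """Return the StringData fields of a .lnk as a dict (only those present)."""
    if len(data) < 0x4C:
        raise ValueError("too short for a ShellLinkHeader")
    header_size, clsid_raw, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != 0x4C or uuid.UUID(bytes_le=clsid_raw) != SHELL_LINK_CLSID:
        raise ValueError("not a Shell Link file")
    offset = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:      # skip LinkTargetIDList
        (idlist_size,) = struct.unpack_from("<H", data, offset)
        offset += 2 + idlist_size
    if flags & HAS_LINK_INFO:                # skip LinkInfo (size field counts itself)
        (linkinfo_size,) = struct.unpack_from("<I", data, offset)
        offset += linkinfo_size
    fields = {}
    for flag, name in STRING_FIELDS:
        if flags & flag:
            fields[name], offset = _read_string(data, offset, bool(flags & IS_UNICODE))
    return fields


def launch_command(fields):
    """Approximate command line the shortcut runs when double-clicked."""
    return " ".join(p for p in (fields.get("relative_path"), fields.get("arguments")) if p)


def looks_like_dll_launcher(fields):
    """Heuristic for the ISO-plus-LNK lure: shortcut drives rundll32/regsvr32 at a DLL."""
    cmd = launch_command(fields).lower()
    return any(h in cmd for h in ("rundll32", "regsvr32")) and ".dll" in cmd


def build_lnk(relative_path, arguments, is_unicode=True):
    """Build a minimal .lnk (constructed test input, not a file from the sample)."""
    flags = HAS_LINK_TARGET_ID_LIST | HAS_RELATIVE_PATH | HAS_ARGUMENTS
    if is_unicode:
        flags |= IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, SHELL_LINK_CLSID.bytes_le, flags,
                         0, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0)   # ShowCommand 7 = minimised
    item = struct.pack("<H", 4) + b"\x1f\x50"           # one dummy ItemID ...
    idlist = item + b"\x00\x00"                         # ... then the TerminalID
    out = header + struct.pack("<H", len(idlist)) + idlist
    for s in (relative_path, arguments):
        enc = s.encode("utf-16-le" if is_unicode else "cp1252")
        out += struct.pack("<H", len(s)) + enc
    return out


# Constructed sample mimicking the usual ISO lure; the real documents.lnk
# arguments are not shown in this report, so "am1lo4.dll,#1" is an assumption.
SAMPLE_LNK = build_lnk(r"..\Windows\System32\rundll32.exe", "am1lo4.dll,#1")

if __name__ == "__main__":
    info = parse_lnk(SAMPLE_LNK)
    print(info)
    print("launches:", launch_command(info))
    print("dll launcher:", looks_like_dll_launcher(info))
```

Run `parse_lnk(open("documents.lnk", "rb").read())` on the real file from the ISO to see its relative path and arguments; a shortcut whose command points rundll32 or regsvr32 at a DLL sitting beside it is the pattern to expect here. The parser only reads the StringData block, so a shortcut that hides its target in the LinkTargetIDList alone will return an empty dict rather than a command line; that is a limitation of this minimal version, not evidence that the shortcut is benign.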

MITRE ATT&CK Enterprise v6

Tasks