General

  • Target: Desktop.zip
  • Size: 59KB
  • Sample: 220720-q85rvaffh9
  • MD5: 383de9987abe67ded552f924bc69b1c9
  • SHA1: a8caf87ccb1156f168bc65965387beabde8408c6
  • SHA256: 04692716664c373f49de80fda84c1cfd32730b689a0040a91ad417765d8e25fe
  • SHA512: e843f745ed97a93c14d224483ee9bc93e180deb6e53240e552017785625afb2108ef156d15e98cb702040fc302ccb99386a4c7b21537f54046d7b690f11c5a82

Malware Config

Extracted

  • Family: icedid
  • Campaign: 4182822218
  • C2: explorblins.com

Targets

    • Target: b4ramo.dll
    • Size: 174KB
    • MD5: a1db3c5322f324af0c20c7e68577ea33
    • SHA1: 6add8032c0d03423347976c55d278fc3d269bfa4
    • SHA256: 47d418843812bec2262dc42a7cf4a02f0413276127758f6d6411b89e29eaed40
    • SHA512: 67689f0bec9dc2428c3721d6b798f40f84b7bafdb556f4312240b579657cb492369394a525e0d8291fe9c34a48436f74d4bfa90b1b0614cc6a4088fbb5711a56

    Signatures

    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request

    • Target: documents.lnk
    • Size: 1KB
    • MD5: 2ac780fa4ac2cf6e12c32d542601b999
    • SHA1: 8179e357dbfc6b38fee5514e77aef0511a85d9ed
    • SHA256: aa2ee0a0341d11e12466d161d7e08ee29731e615e3cec6cc6769f3ab808f2c2e
    • SHA512: 0d03b3b89bcd84c28cca8afafc98a400c3fae720562372166d0389f159c22ce0b559d508f21587e5e8bd207292e4ed0064d801e116bf40c9f6b4fb3cf89a9ab9

    Signatures

    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.

MITRE ATT&CK Enterprise v6

Tasks