General

  • Target

    pg5rto.bin

  • Size

    96KB

  • Sample

    220720-tv4t6sahd7

  • MD5

    c4eefccc159a1959cddb92f536791720

  • SHA1

    73a0e2719fb2887efdef77ba6fa285b8fee5417d

  • SHA256

    330eead9a06c5bca4b275f9fe44f402da2d1a218b553d16f9863e4d59cd7f1f6

  • SHA512

    d96513332ca934f79bdaa862af486397f9c4a695997970ba8ae361d3b5f12562a90baa484831b08e438f4ba9e50108719cde34d5af1b264668336a9bdf378248

Malware Config

  • Extracted

  • Family

    icedid

  • Campaign

    2937671378

  • C2

    cootembrast.com

Targets

    • Target

      pg5rto.bin

    • Size

      96KB

    • MD5

      c4eefccc159a1959cddb92f536791720

    • SHA1

      73a0e2719fb2887efdef77ba6fa285b8fee5417d

    • SHA256

      330eead9a06c5bca4b275f9fe44f402da2d1a218b553d16f9863e4d59cd7f1f6

    • SHA512

      d96513332ca934f79bdaa862af486397f9c4a695997970ba8ae361d3b5f12562a90baa484831b08e438f4ba9e50108719cde34d5af1b264668336a9bdf378248

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks