General

  • Target

    file.7z

  • Size

    52KB

  • Sample

    220721-y1hw4shhf5

  • MD5

    7cc098c8af1d47ec0b12dd1b91d311c1

  • SHA1

    cb1f6d760ff3d601ce61318888b067ae86830a0d

  • SHA256

    046d641df9a0760fd644fa1c6ac40ae65bc85a102f285dbe2182eafac3283043

  • SHA512

    57b12ec3f8250232f8dd1432b34bef2a08f770f95c6f6a90ea9e717e1906b900a9f550a4bc294a117d5459cb19ab13e3f9465645d67071ecd9f78f5a4ba9ebe1

Malware Config

Extracted

Family

icedid

Campaign

312921187

C2

explorblins.com

Targets

    • Target

      file/a4lomar.dll

    • Size

      180KB

    • MD5

      a1f6b015fc285ccc79a77b543d923f44

    • SHA1

      0de6584f712d2e8369d61433e7ad5e2ad5bd4193

    • SHA256

      d6e7162c6a0a8f6063c52a3346fdca5c8e2822e479a5b6e644a716b92bc653d5

    • SHA512

      5e124ef37e69caaa3dd18047c44badcb280be13fefdd4bdb80b99f3b2f24dde15863a6867d1fe61afa3b3becbddc2d60ec266e5bb0b4a565ebf23c1e587558c2

    • Score

      1/10

    • Target

      file/start.bat

    • Size

      50B

    • MD5

      95ccdd55afd7913a178668f4474090f9

    • SHA1

      f0d6c2fab07e4e2f85ee8527af6d288bc3c2c4e9

    • SHA256

      a93be9c38831a9dad47aeeb1e249e40438ca55a9dcb739885d81e247d5b2634a

    • SHA512

      e33b67eec13706ff3eb40534d6ed246551a8b56a7c19b8af2619faccca2f60dcdf6843324ad6a16dfa9bd2921d901a3d845d9128e77b9a4411ce34590dc63983

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks