General

  • Target

    Files Extracted from ISO.zip

  • Size

    61KB

  • Sample

    220721-ymz88saccj

  • MD5

    2067361ef2cc94afeffb182509b59ee4

  • SHA1

    f8fc979f7cec8a380d399da1694368b56eff02aa

  • SHA256

    63e579485ebaa74d5524db51abb1e6ca3e64f62bfcde64f5c5acc06e14cd6a87

  • SHA512

    aa848854bf0add6583fd93e4c93055c5bf3c903eb7732e6b5438416d19b8bb46f382b29ce7c84d64a05ee2c59b5c6ea8b411450a2796972c967c3899a8b0b9b5

Malware Config

Extracted

Family

icedid

Campaign

312921187

C2

explorblins.com

Targets

    • Target

      Files Extracted from ISO/a4lomar.dll

    • Size

      180KB

    • MD5

      eaef5e4a8d0a26faada04f11aaf559a0

    • SHA1

      596b126083f447c6b4b4ef8011058000cc130334

    • SHA256

      9cecc025ac9c726ac23f60a6d7db45cd08db4588bf1305d3eb4856cdc9b44328

    • SHA512

      54aee4c384f7fc780a36331b8cbd8ce77bcf990e61867a1a87c47fc757d7ece5b6aec0350f9eb9f308a872aaa65e2af2f6da93104a776659cd9b4d87fee11e57

    Score

    1/10

    • Target

      Files Extracted from ISO/documents.lnk

    • Size

      1KB

    • MD5

      cb688ad93e582b3ca1c9948afb890961

    • SHA1

      28b2d8b2a2f344332b3fdb1aadb0b08cc463dbcd

    • SHA256

      d0dcf0ef859cae89068152e08323fd7175eda951a050b36e11db29bcd931abe6

    • SHA512

      80a1b76a131e09bcc077a4438ad8cacbd993963496d2ce4abcefa09ed00cd8e3ddc0268a1bdc66e571c3f766deb4c1a47a3e588db3483cd2bab848b849e44748

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

MITRE ATT&CK Enterprise v6

Tasks