General

  • Target

    58c8518a85d32448881050757f6a8b0468636d3ebb74315023d9963b32355501

  • Size

    376KB

  • Sample

    220725-eeta6sdea5

  • MD5

    407cde16473474c15f66651307e42d9b

  • SHA1

    8afbecd6f857f4e512193449864326518648d3b0

  • SHA256

    58c8518a85d32448881050757f6a8b0468636d3ebb74315023d9963b32355501

  • SHA512

    e50bdd2c4cd82c4430c4ef8dd49175a2c9143ce3180bf0bb77b0eb05a204c19eac1ff480cfdcce47659796c6f2a0eea4c9145a641b52678e3afae9f338ce1920

Malware Config

Extracted

Family

icedid

Botnet

513366864

C2

Attributes
  • auth_var

    11

  • url_path

    /index.php

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • IcedID Second Stage Loader
