General

  • Target

    gootloader_payload.js

  • Size

    323KB

  • Sample

    220725-nwp5hsdhgn

  • MD5

    c4526e9525644a49c81d461ad7976ed8

  • SHA1

    505dc8617f15dbc54dabe38c73e36c7c4cebc5ac

  • SHA256

    7af49f898e175a7c96600fd26dc747953d6ddbcc18a21694f72176e52734c5a3

  • SHA512

    2cc8828df15757ae4b08c05d439b4c82585cb20fd2d6567b577f92da41c19aa96c66edc0fb9437447c407acb131480f0f8188bb6a0aa5a521fab5725b96c8317

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2442462831

  • C2

    cootembrast.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Suspicious use of SetThreadContext
