General

  • Target: 20220725.zip
  • Size: 80KB
  • Sample: 220725-rqd2vaaec6
  • MD5: 69603cf11939274dbfc0b9b0403d38f9
  • SHA1: 0d7934670f8f2c4cd00a990a16ad7b29a613e3b7
  • SHA256: 7165785dfa943c4301d3c41fe534e1e640558dd2cf1472d91563859473c49482
  • SHA512: 076683ac6e95cf1d19f6045fd42f240e3aa55a026e4b5cab632ec584199753acbf21e14aef8973ac00ffc3729fdb59ef7bf64bdf4ee55f0aed2fe755176f14de

Malware Config

Extracted

  • Family: icedid
  • Campaign: 4149266980
  • C2: floatascentry.com

Targets

    • Target: documents.lnk
    • Size: 1KB
    • MD5: 75eba57c332573915fa4547c735bfeb0
    • SHA1: 178c8465dc4d7f38d15396bcf2655a90e63e7c1c
    • SHA256: a82828f07dbc49fbbb62d0bceb3655978c93fca720cd2dace8265a9052e3fee2
    • SHA512: df15de37185c6778a888d0092df2b300d4376ab832d62a10534136ab20594f07938d8c7b37ce994ea2396da2b9a906ec26cd22e802a3ccf9fbd3cda1164b134d
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.

    • Target: so2ra4.dll
    • Size: 318KB
    • MD5: 6133bfa54f1ac476b1fdc581570bce34
    • SHA1: d4da7922d963747197e166476363375bd678dd56
    • SHA256: 27034a7c21b1b1fbc471104f3ffb804974886653e73b958dba2a671e27c64e04
    • SHA512: 03147aca9ae4f9cef1fb02ba29d8701053de4720d84ce6daf8b8c3bc648b958eb1b7ced2a1e15973fe1ac7f742b3863091af50d53ab36b48dcabac0f3025bbdf
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks