General

  • Target

    55373dadacce0948c35bec4521f423886d931f3143bd89f10b109a0130bb5bbd

  • Size

    619KB

  • Sample

    220725-t7ze8aafhj

  • MD5

    e86fba721d4415b0527b3f5264b5f1d5

  • SHA1

    8ea963c7ebe4015dd520725cda4f62b14ffc1678

  • SHA256

    55373dadacce0948c35bec4521f423886d931f3143bd89f10b109a0130bb5bbd

  • SHA512

    7e762b091bae01e3be483b68ec6231e8ab4f82f189e49931e7fe12437deaf0371d55e3e7b1ab3347d1ba5c41d69f6e22b31b52c2d94f50fe63fe58b6c37d9e50

Malware Config

Extracted

Family

icedid

Botnet

829561804

C2

monerto.top

guiertr.top

tyuerse.top

ziones.top

gerrredona.top

nameseorin.top

dirosad.top

colonisfg.com

Attributes
  • auth_var

    1

  • url_path

    /index.php
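
The extracted config above is directly usable for hunting: the C2 list plus the url_path gives a high-confidence indicator for beacon traffic. The following script is an added example, not output of the sandbox or code from the IcedID analysis; it copies the C2 domains, url_path and botnet id from the config above, and runs them over a few constructed proxy-log lines (the log format `src method url status` and the lines themselves are assumptions made for the example, not real traffic).

```python
"""Hunt for IcedID C2 contact using the config extracted in this report.

Added example, not part of the sandbox report. The C2 domains, url_path and
botnet id are copied from the Malware Config section; the proxy log lines and
their format are constructed for illustration only.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

# Extracted config from the report (family, botnet id, C2 domains, beacon path).
ICEDID_CONFIG = {
    "family": "icedid",
    "botnet": "829561804",
    "url_path": "/index.php",
    "c2": [
        "monerto.top", "guiertr.top", "tyuerse.top", "ziones.top",
        "gerrredona.top", "nameseorin.top", "dirosad.top", "colonisfg.com",
    ],
}

# Constructed proxy log lines: "<src> <method> <url> <status>". Hypothetical
# traffic, including a look-alike domain and a non-beacon path, to exercise
# the matching logic.
SAMPLE_PROXY_LOG = """\
10.0.0.12 GET http://example.com/index.php 200
10.0.0.12 GET http://monerto.top/index.php 200
10.0.0.15 GET http://www.colonisfg.com/index.php 200
10.0.0.15 GET http://ziones.top/ 404
10.0.0.20 GET http://notmonerto.top/index.php 200
10.0.0.21 GET http://tyuerse.top/images/logo.png 200
"""

LOG_RE = re.compile(
    r"^(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def host_matches(host: str, c2_domains) -> Optional[str]:
    """Return the C2 domain that `host` equals or is a subdomain of, else None.

    A plain substring test would also flag look-alikes such as
    'notmonerto.top', so the comparison is anchored on a label boundary.
    """
    host = host.lower().rstrip(".")
    for dom in c2_domains:
        if host == dom or host.endswith("." + dom):
            return dom
    return None


def classify(url: str, config=ICEDID_CONFIG) -> str:
    """Classify one URL as 'c2_beacon', 'c2_domain' or 'clean'."""
    parts = urlsplit(url)
    if host_matches(parts.hostname or "", config["c2"]) is None:
        return "clean"
    # Domain plus the configured url_path is the highest-confidence hit; any
    # other contact with a C2 domain is still reported for follow-up.
    if parts.path == config["url_path"]:
        return "c2_beacon"
    return "c2_domain"


def hunt(log_text: str, config=ICEDID_CONFIG):
    """Parse proxy log lines; return (src, url, verdict) for every C2 hit."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the hunt
        verdict = classify(m["url"], config)
        if verdict != "clean":
            hits.append((m["src"], m["url"], verdict))
    return hits


if __name__ == "__main__":
    print(f"IcedID botnet {ICEDID_CONFIG['botnet']} C2 hits:")
    for src, url, verdict in hunt(SAMPLE_PROXY_LOG):
        print(f"  {verdict:10s} {src} {url}")
```

Running it flags the two `/index.php` beacons (including the `www.` subdomain of colonisfg.com) as `c2_beacon`, the two other contacts with listed domains as `c2_domain`, and leaves example.com and the look-alike notmonerto.top alone. The `auth_var` attribute is carried in the config for completeness but is not a network indicator, so it plays no part in the matching.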

Targets

    • Target

      55373dadacce0948c35bec4521f423886d931f3143bd89f10b109a0130bb5bbd


    • IcedID, BokBot

      IcedID, also tracked as BokBot, is a banking trojan that steals credentials from infected hosts.

    • IcedID Second Stage Loader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the malware can refuse to run in certain locales.

    • Loads dropped DLL

    • Adds Run key to start application
