General

  • Target

    Desktop.zip

  • Size

    81KB

  • Sample

    220725-tcy6zadad6

  • MD5

    76d978ff7417daeb977381bc05437235

  • SHA1

    905e2fc901a5d481cff6be0a9ca6144437662b01

  • SHA256

    30ed2efd76f309efd4b853a3efb2f240906a36edca47f8616a6981bc9eab01df

  • SHA512

    fae6f133778c4c2bb521d98447c6b7b1bf152d109b8bd921d0f26aae6ac3ade3404f20b5de6ffd62a0a7bfe98e16b65fb80533365b9fef363de1d41c81dd66e8

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    4149266980

  • C2

    floatascentry.com

Targets

    • Target

      documents.lnk

    • Size

      1KB

    • MD5

      75eba57c332573915fa4547c735bfeb0

    • SHA1

      178c8465dc4d7f38d15396bcf2655a90e63e7c1c

    • SHA256

      a82828f07dbc49fbbb62d0bceb3655978c93fca720cd2dace8265a9052e3fee2

    • SHA512

      df15de37185c6778a888d0092df2b300d4376ab832d62a10534136ab20594f07938d8c7b37ce994ea2396da2b9a906ec26cd22e802a3ccf9fbd3cda1164b134d

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      so2ra4.dll

    • Size

      318KB

    • MD5

      9b7a8483c04543e87b09658717219d44

    • SHA1

      48741415154f1148d6910165658ed056e9ad7249

    • SHA256

      15c0f11ed817ad32034de1da17fda8d6328d895fda20548eda176ee0982c6aa8

    • SHA512

      cbc703457713d5e85024023b7f82927469f810c23a2b6b8994aceee03d4df6e3b6c09efa79d31067996bd82a9f7a3aae59c9787334057237f0deccb0b3f82192

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks