General

  • Target

    unpaid_loan_sample_20220725.zip

  • Size

    228KB

  • Sample

    220725-ted9kshcfq

  • MD5

    ee0697914e61c7a570c7935124b13071

  • SHA1

    780f4052c6ac1057c7959b4940d519a32fe9cc3e

  • SHA256

    b96220c1055bd0baa99252aa1778abb90dacdfa16ce0cd5d45f3f0a51ecedf9a

  • SHA512

    a479dd0a2d2eb4f5a7621b76811465a18a8a015df152c36ca18866a876b25675eb102c41a47af612bee4bfd2edfc3da1d9a4fd4c0eb62372a9dcf809803b2df1

Malware Config

Extracted

Family

icedid

Campaign

801015007

C2

eventbloodd.com

Targets

    • Target

      LoanStatus_07_25_22pdf.lnk

    • Size

      1KB

    • MD5

      4471d73d51ce27cd2429e0bf56bcd67f

    • SHA1

      91745738eef46ae5e564873cac61e4c81336a98c

    • SHA256

      9a5566c191c6d076ff9ff3312420f4f5361a5ff9c38dc66b88897c0de7736e6e

    • SHA512

      bb81d28d6b5c91c23f6ee64354496c70286486b22a5911cc21f32638e489a0f7401be51ae6ae75c144ced9e58d035957889d7b6353d73cb3cee4da8be11c03ba

    • Score

      3/10
    • Target

      here/AmO7Koa.cmd

    • Size

      34B

    • MD5

      c5309caddcab2ec70a1a20c6fc8454dd

    • SHA1

      c5dff97b5e75c06e1409b7236d8d3b68380f8925

    • SHA256

      b6f81bb60fc210287913010d20b271e570383d8651f53471937148e03f7ec647

    • SHA512

      b59726f1216632c04c1855ac499d7ae15ca2c2f999bc7ed41f2243d8b45d7f5beab57a409ae3b8414bb4c33170d4125ee4d5bac370da81b3af19d543c4a315a2

    • Score

      1/10
    • Target

      here/aSR0li1t.js

    • Size

      280B

    • MD5

      4c5953924bf9f32a5325333a06ea8936

    • SHA1

      9c30f0f53ff6bdc503b0a05f8da6cef36a45877a

    • SHA256

      c9ea42248e98dd43fa5bcd1a90237420f1072b240edc716a75c72f1c3621d625

    • SHA512

      1128d09d12674ffecbe8af70378c4b94c75419f6565119b25134e7240eda6899cdd9a00b83c64bcb83ff474651a6ebe5c5eb9e23d501f42c97419ffa8581358a

    • Score

      1/10
    • Target

      here/from.png

    • Size

      45KB

    • MD5

      324a5aab895e3f17bf729777425793e4

    • SHA1

      693e47335f1c054d3c5c80174b2a1f541f17f242

    • SHA256

      eda9045453a34554aa914d4153d870a249176f063b2efdf17678185cd5e7e8b8

    • SHA512

      240a1a319db460a0c00b3495bb0068e545929eb0e1f9dbab967ef195b2894da77c75352edce9fae38a3447e0e5c98cb790dc21a8754b5a777a2ca3d867b35eba

    • Score

      3/10
    • Target

      here/get.png

    • Size

      22KB

    • MD5

      6cbda6cf92a22c8ab81b780a8955883a

    • SHA1

      d8fa92e3ad5ae481db6b6589743f4871be016453

    • SHA256

      5ff63ccb2ee163675559c9ed6c5f2bd4ff6812fb98d58066b3530f922772702e

    • SHA512

      f54c124797874dc57a4c1d3d80cadb55f0ddcb6af20ad6c64eec54a217adf87ce54f4f0cf6c56b89b850ded8c84f919c867cf76f5b12b2b8445a6f37bffeb87e

    • Score

      3/10
    • Target

      here/of.txt

    • Size

      136KB

    • MD5

      000a77710b714962d85ec49f7018e36e

    • SHA1

      3fcca5ea08265037a76924b33b1bf8a1b860e078

    • SHA256

      97aa24ca1c23b12e48d4e24c95ae40b2a14d945de280f742aebc91088c496efe

    • SHA512

      1183199fe3ae569d6cd1fe422a605ce5dbe8d604d6a99361afcf536b73f45ab1ebdb605e400f315316c39e01c4edfe2efdb3131d91ec3860c98741571c4c238c

    • Score

      1/10
    • Target

      here/on.txt

    • Size

      249KB

    • MD5

      c1e161c3b4ccbcd7cd98da245a8ac46d

    • SHA1

      87f19ea5a7edf10bb4fcd285da1e70c6c4234f9e

    • SHA256

      23469329037d0ca4afa0c68e42adbee142a027ad7c6a7031a8bb7f7d9777e7d5

    • SHA512

      50e5028a48950d1cac3a298a9467fc98d8a91bef180b9d717d7015d0075bc9a2e1631f8b3b2d34cb425d21766a1f6cf4834ec007aebeb56278d0100968a46968

    • Score

      1/10
    • Target

      here/qIfRtTz.dat

    • Size

      326KB

    • MD5

      6f0e35c6d4c79815a3f40b1c857bb033

    • SHA1

      51d5ba727ad7dcaecb8241d2afc6253f54bf13b5

    • SHA256

      db32431f3df3693dbe9db49bbe07dfffc9c92ac5c2e33336d17b5d954854ed52

    • SHA512

      1f816d735097cc836b5b27d8fe4aee08a3339d3ed851364a4369afb15e5352d8ab7b6352e9e167907ae51bad75431a2bfd4bab52cb5119cdeb79e195f1d12786

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request
