General

  • Target: unpaid_loan_sample_20220725.zip
  • Size: 228KB
  • Sample: 220725-tkmsxadde6
  • MD5: ee0697914e61c7a570c7935124b13071
  • SHA1: 780f4052c6ac1057c7959b4940d519a32fe9cc3e
  • SHA256: b96220c1055bd0baa99252aa1778abb90dacdfa16ce0cd5d45f3f0a51ecedf9a
  • SHA512: a479dd0a2d2eb4f5a7621b76811465a18a8a015df152c36ca18866a876b25675eb102c41a47af612bee4bfd2edfc3da1d9a4fd4c0eb62372a9dcf809803b2df1

Malware Config

Extracted

  • Family: icedid
  • Campaign: 801015007
  • C2: eventbloodd.com

Targets

  • Target: LoanStatus_07_25_22pdf.lnk
    • Size: 1KB
    • MD5: 4471d73d51ce27cd2429e0bf56bcd67f
    • SHA1: 91745738eef46ae5e564873cac61e4c81336a98c
    • SHA256: 9a5566c191c6d076ff9ff3312420f4f5361a5ff9c38dc66b88897c0de7736e6e
    • SHA512: bb81d28d6b5c91c23f6ee64354496c70286486b22a5911cc21f32638e489a0f7401be51ae6ae75c144ced9e58d035957889d7b6353d73cb3cee4da8be11c03ba
    • Score: 3/10

  • Target: here/AmO7Koa.cmd
    • Size: 34B
    • MD5: c5309caddcab2ec70a1a20c6fc8454dd
    • SHA1: c5dff97b5e75c06e1409b7236d8d3b68380f8925
    • SHA256: b6f81bb60fc210287913010d20b271e570383d8651f53471937148e03f7ec647
    • SHA512: b59726f1216632c04c1855ac499d7ae15ca2c2f999bc7ed41f2243d8b45d7f5beab57a409ae3b8414bb4c33170d4125ee4d5bac370da81b3af19d543c4a315a2
    • Score: 1/10

  • Target: here/aSR0li1t.js
    • Size: 280B
    • MD5: 4c5953924bf9f32a5325333a06ea8936
    • SHA1: 9c30f0f53ff6bdc503b0a05f8da6cef36a45877a
    • SHA256: c9ea42248e98dd43fa5bcd1a90237420f1072b240edc716a75c72f1c3621d625
    • SHA512: 1128d09d12674ffecbe8af70378c4b94c75419f6565119b25134e7240eda6899cdd9a00b83c64bcb83ff474651a6ebe5c5eb9e23d501f42c97419ffa8581358a
    • Score: 1/10

  • Target: here/qIfRtTz.dat
    • Size: 326KB
    • MD5: 6f0e35c6d4c79815a3f40b1c857bb033
    • SHA1: 51d5ba727ad7dcaecb8241d2afc6253f54bf13b5
    • SHA256: db32431f3df3693dbe9db49bbe07dfffc9c92ac5c2e33336d17b5d954854ed52
    • SHA512: 1f816d735097cc836b5b27d8fe4aee08a3339d3ed851364a4369afb15e5352d8ab7b6352e9e167907ae51bad75431a2bfd4bab52cb5119cdeb79e195f1d12786
    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
