General

  • Target

    qIfRtTz.dat

  • Size

    326KB

  • Sample

    220725-tkmsxadde7

  • MD5

    6f0e35c6d4c79815a3f40b1c857bb033

  • SHA1

    51d5ba727ad7dcaecb8241d2afc6253f54bf13b5

  • SHA256

    db32431f3df3693dbe9db49bbe07dfffc9c92ac5c2e33336d17b5d954854ed52

  • SHA512

    1f816d735097cc836b5b27d8fe4aee08a3339d3ed851364a4369afb15e5352d8ab7b6352e9e167907ae51bad75431a2bfd4bab52cb5119cdeb79e195f1d12786

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    801015007

  • C2

    eventbloodd.com

Targets

    • Target

      qIfRtTz.dat

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks