General

  • Target

    flagstaff.db

  • Size

    476KB

  • Sample

    220927-t5rmladhg5

  • MD5

    7d81188fd25fbfc8b57b1889cc6ae180

  • SHA1

    4dc6aa65779ec365bc1622bf0b28a5328acf4ac3

  • SHA256

    66608501a21447082fe287bd99a8d7b7f0049e2ab3d161e3a3cfbf3e1f28b3bb

  • SHA512

    0abb06d262ce25bd5e979789568f622e839cf4fc36bade958a8d1d13a3bfbb97a99665a6df91c2aa8c480da6e3d084ea4feacf0ec1e02cc5a207d9fb39a83d91

  • SSDEEP

    6144:2nUq1i6qMhmPGx96QeQSIpBYMeepMRT9xa5yqwH:SUq1i6qbGx4IpheepMFLaAqo

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    3228182693

  • C2

    tezycronam.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tactic columns shown (no techniques were mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation