General

  • Target: disintegrator.db
  • Size: 672KB
  • Sample: 221001-vkzcdagch5
  • MD5: 96316a0bf1ea3bbf16e7237ac3cdb8b7
  • SHA1: 6f4dc106ca3a1eea29c71097b3d6cd9dfa3b95ed
  • SHA256: 44bb6231a0ed40b885c744714be225a18f0a9e57e7bd44a72b5966989856d0b9
  • SHA512: 35f22737640c27dd0a0b6ed3f571e5f05e1e23b3fbd1be7f969bc8bfcf1ae8b7274c13c9035743607d512f924088b920d62628e1341471b8f44a1369c6b3c8c0

Malware Config

Extracted

  • Family: icedid
  • Campaign: 2399258081
  • C2: eysneolissionsm.com

Targets

    • Target: disintegrator.db


    • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request

MITRE ATT&CK Matrix

  Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation