General

  • Target

    greased.db.exe

  • Size

    452KB

  • Sample

    221003-hsm8vscch9

  • MD5

    aac6ab4f1caf549ea190d3db9077a65f

  • SHA1

    d78cb7235b1a9f3867f96d6ca062861d96ff6d81

  • SHA256

    2c17d9bdef6130eb1e3a4a5523b8b92ccb851d87661a38b141f43949f5b26915

  • SHA512

    dcc9941d2c22989c3662a514f51167f375ae42852eea200dcfd901379dbce5c235f0f84f253f5e8d3393b8d4ccb993dc050f6a061a35547dd03feb18470713f2

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2349072319

  • C2

    sebdgoldingor.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation