General

  • Target

    imparted.db.exe

  • Size

    679KB

  • Sample

    221003-hsm8vscda2

  • MD5

    8214d82abb0300ca02562a59bf1de91e

  • SHA1

    3e652df50f7761e979942e6deab6b5b511ed80d7

  • SHA256

    423c2433f2854310f94740c92ccb0b206a965dad8528261a13cd77a439846fb3

  • SHA512

    bbca4278bc2ecf841db0c60b722ee937c48ebeecf42bf7d7f35e764be1e507bc1e7c8c8b722858a9a3005bce159b0be5400ebd5ab1caef2c2f5cea57addc9ab5

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2909555027

  • C2

    guversaksi.com

Targets

    • Target

      imparted.db.exe

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation