General

  • Target

    pettish.db.exe

  • Size

    452KB

  • Sample

    221003-hsnjmacdb3

  • MD5

    6b4713395b6b24fa138b6395b065dcf1

  • SHA1

    56d4dcc17730c3401fbb747f8e4eaec230e0b87a

  • SHA256

    052541f7dba593fcf623cf09898e035a2bd94d130e0677478e3bf64b60563928

  • SHA512

    0dc39329b7fa050ae5be22eca70b108e6bdf8db74f401f92d68ecb9d8d05c54158f9d2820ca58f1d0725997f556715b9164b757fc53ba0ef1d8d748b4f096074

Malware Config

Extracted

Family

icedid

Campaign

2349072319

C2

sebdgoldingor.com

Targets

    • Target

      pettish.db.exe

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

    • Collection
    • Command and Control
    • Credential Access
    • Defense Evasion
    • Discovery
    • Execution
    • Exfiltration
    • Impact
    • Initial Access
    • Lateral Movement
    • Persistence
    • Privilege Escalation