General

  • Target

    indecisions.db.exe

  • Size

    476KB

  • Sample

    221003-hsnjmadhbp

  • MD5

    481ad12b470dbbf517cd7c0d57853e25

  • SHA1

    724b2ad2e315d0bc0ce77f7127d77e91a22c3460

  • SHA256

    55405ffd41378e8f9cadac13bb5eac0128c332dd8993d3b8e83e1a1f412cb7fb

  • SHA512

    ec243a2fd0a1a44e7701f14a7023a7ecb575e7847614b26895cb72ad6369b93911965bdc85cffe56b2717e1353d078388fce2935cee613706adf3ad8197cdc32

Malware Config

Extracted

Family

icedid

Campaign

3228182693

C2

tezycronam.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation