General

  • Target

    866364f529dbcaf4c23c814d9400d441.dll.exe

  • Size

    672KB

  • Sample

    221004-tagh5sbdd4

  • MD5

    866364f529dbcaf4c23c814d9400d441

  • SHA1

    61beed8fbbabe4860beb020310de10d54aeaedc6

  • SHA256

    acdd6bc482cd6d0c6f4cd96633017f0914693858123b8cb01d5fceff9abf85f1

  • SHA512

    56e2e62767cd5c109399e79b65e57931d07ee0420b4b01f9c1d31e0ea3e312f0dd68392f0ad21daf1cfb90636d2e66194c3b3a67f8cda46438ffc223af26eb45

  • SSDEEP

    12288:ik6bSzrCEhwrC8yIJrlwgOW9xwMGwy0w7w4wJ+wwwZwb8bewf+HwddBlvm:ik6mPXR0gI7m

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2399258081

  • C2

    eysneolissionsm.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks