General

  • Target

    Downloads.7z

  • Size

    50KB

  • Sample

    221202-x3j2hsaf6z

  • MD5

    b15728b8a0ebfa5d9eabe0be80703f69

  • SHA1

    3bce548e55a70b13f610eb2b9b12735326bcf61d

  • SHA256

    171e929a2ae1e25063d118009f4ff96e538bd7bbba9e56d031063235966ab67e

  • SHA512

    63f222457b9d04ecad78e4d26a37496098d3beb2d41c3d72583bc8e90c69907cbbf0eb440e4b6241c96f76123e2b8eed5d06b9cfd78c50fc694d85e351c47a52

  • SSDEEP

    1536:DMF4dFffPff/EAQVNjdpMH1PPJFBd17Bgwm2HH:oF4bZ+NjnuPPD1tgwrn

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2271535685

  • C2

    babysoftletirs.com

Targets

    • Target

      Scan.lnk

    • Size

      2KB

    • MD5

      f3af4f62c6e8e9c2ea02ba43e284cace

    • SHA1

      b415f25d6863e81ef48d2e5608f8957072a01776

    • SHA256

      5a4d19234330276457f2a8a87af5d5df88d94d6d5a495d5bc7ebd81d677ea10f

    • SHA512

      7355227536a684e8cb002dd3d8e36a72695a4197d23561acb0263d59bb3aa65e230830ff7d0b98c75b6fd032ef0d6cb1f3f8376a5dbee6fee7d01538ce45883c

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials and is also used as a loader for follow-on payloads.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to avoid running on machines in certain locales.

    • Loads dropped DLL
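
Scan.lnk is the stage that kicks off the chain above, and the first thing an analyst wants out of a shortcut is its StringData: the relative path and the command-line arguments it hands to the target. The following is an added example, not code or data from the sandbox report: a minimal MS-SHLLINK parser for those fields, with a builder that constructs a stand-in shortcut so it runs offline. The actual contents of Scan.lnk were not examined; the cmd.exe / sueJl.cmd strings below are assumptions chosen only to match the file names in the archive.

```python
"""Extract StringData fields from a Windows shell link (.lnk) file.

Added example; not from the sandbox report. Layout per MS-SHLLINK:
76-byte ShellLinkHeader, optional LinkTargetIDList and LinkInfo,
then up to five length-prefixed StringData fields in a fixed order.
"""
import struct
import uuid

# LinkFlags bits (MS-SHLLINK 2.1.1) that gate the optional structures.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")

# StringData fields appear in this order, each present only if its flag is set.
STRING_FIELDS = [
    ("name", HAS_NAME),
    ("relative_path", HAS_RELATIVE_PATH),
    ("working_dir", HAS_WORKING_DIR),
    ("arguments", HAS_ARGUMENTS),
    ("icon_location", HAS_ICON_LOCATION),
]

# Tokens in the path/arguments that usually mean "open this in a sandbox first".
SUSPICIOUS_TOKENS = ("cmd.exe", "/c ", "rundll32", "regsvr32", ".dll", ".cmd", "powershell")


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .lnk blob as a dict (plus raw flags)."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    if uuid.UUID(bytes_le=data[4:20]) != LNK_CLSID:
        raise ValueError("not a shell link: bad CLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76
    # Skip the IDList (2-byte size prefix, size excludes the prefix) and the
    # LinkInfo block (4-byte size prefix, size includes the prefix).
    if flags & HAS_LINK_TARGET_ID_LIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]
    result = {"flags": flags}
    for field, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]  # character count, no terminator
        pos += 2
        if flags & IS_UNICODE:
            result[field] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            result[field] = data[pos:pos + count].decode("cp1252")
            pos += count
    return result


def suspicious_tokens(fields: dict) -> list:
    """Tokens from SUSPICIOUS_TOKENS found in the relative path or arguments."""
    haystack = " ".join(fields.get(k, "") for k in ("relative_path", "arguments")).lower()
    return [t for t in SUSPICIOUS_TOKENS if t in haystack]


def build_sample_lnk(relative_path: str, arguments: str, working_dir: str = ".") -> bytes:
    """Construct a minimal Unicode .lnk with only string fields set.

    Constructed stand-in so the example runs offline; it is not Scan.lnk.
    """
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack(
        "<I16sIIQQQIIIHHII",
        0x4C, LNK_CLSID.bytes_le, flags,
        0x20,          # FileAttributes: FILE_ATTRIBUTE_ARCHIVE
        0, 0, 0,       # creation / access / write FILETIME (zeroed)
        0,             # FileSize
        0,             # IconIndex
        7,             # ShowCommand: SW_SHOWMINNOACTIVE, often set to hide the console
        0, 0, 0, 0,    # HotKey, Reserved1, Reserved2, Reserved3
    )
    assert len(header) == 76

    def s(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return header + s(relative_path) + s(working_dir) + s(arguments)


if __name__ == "__main__":
    # Hypothetical shortcut: cmd.exe launching the dropped sueJl.cmd (assumed, not observed).
    blob = build_sample_lnk("..\\..\\..\\Windows\\System32\\cmd.exe", "/c torpat\\sueJl.cmd")
    fields = parse_lnk(blob)
    print(fields["relative_path"], fields["arguments"], suspicious_tokens(fields))
```

The parser deliberately skips the IDList and LinkInfo rather than decoding them; for triage the relative path and arguments are usually enough to see the next stage, and a separate shell-item parser is needed only when the path lives solely in the IDList.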

    • Target

      torpat/micropublishing.dll

    • Size

      161KB

    • MD5

      13dc944a91cffd0385e29ea899a43af2

    • SHA1

      793cfb6887fd324583ab1df77ff5e96391a3887b

    • SHA256

      af5f6f066ffc8c375d6e4d1138d63da32014d7ea21b8b7582da0cd8b97794cbe

    • SHA512

      258c0c920f0e76f2b883f967cf73114890f61abbee0824d9b2e913623feaeb53c2b1179bc34df49627fe39459e1d9b20986186015fa0168c7b452eeba7449c39

    • SSDEEP

      3072:rag+wcWn3nAVoBOSMc3NtwhGNS+4is6b2:rJwYl3S1ub2

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials and is also used as a loader for follow-on payloads.

    • Target

      torpat/sueJl.cmd

    • Size

      1KB

    • MD5

      76d70c596609b0ce870793b8d36fdd75

    • SHA1

      c6e8255b707459dcbe790d9ca6d4ef8332caeb09

    • SHA256

      ebeb93a0166f4482c596cb7894647538a9c87eb08cb3bfa1d9e529648eb80112

    • SHA512

      b89bc6d48f659ac3cc3829c1ef88d21038da6765b7c8237f4da20008296f30d5b2443b19863efa9c491d02e1836d8995c170a204e6aa96a18f00316fca03c3d8

    • Score

      1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1 hit

  • System Information Discovery (T1082): 2 hits
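
The Discovery techniques above come from the registry-read behaviour flagged on the Scan.lnk target, and on their own they are noisy: every shell reads locale keys. What makes the chain convincing is the same process also loading a DLL from a dropped location, being a blocklisted host binary, and resolving the C2 from the extracted config. The following is an added example, not from the sandbox report, of that correlation over sandbox-style behaviour events. The event schema, the blocklisted-image set, the locale registry keys and the "user-writable path" heuristic for dropped files are assumptions; the sample events are constructed, and rundll32.exe is only an assumed host process since the report does not name it.

```python
"""Correlate sandbox-style behaviour events into per-process signature hits.

Added example; event format, key names and process names are assumptions.
"""
import re
from collections import defaultdict

# Assumed set of LOLBins a sandbox would treat as "blocklisted" for network use.
BLOCKLISTED_IMAGES = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}

# Registry locations Windows stores the configured country / install language in.
# Assumed: the report does not say which key the sample read.
LOCALE_KEYS = (
    re.compile(r"\\control panel\\international\\geo\\nation$"),
    re.compile(r"\\control\\nls\\language(\\|$)"),
)

# Simplification: a DLL loaded from a user-writable location counts as "dropped".
USER_WRITABLE = re.compile(r"^c:\\users\\[^\\]+\\(appdata|downloads|desktop)\\")

C2_DOMAINS = ["babysoftletirs.com"]  # from the extracted config on this page


def classify(event: dict, c2_domains) -> list:
    """Map one event to the signature names it satisfies (possibly none)."""
    hits = []
    image = event["image"].rsplit("\\", 1)[-1].lower()
    kind = event["type"]
    target = event["target"].lower()
    if kind == "regread" and any(p.search(target) for p in LOCALE_KEYS):
        hits.append("Checks computer location settings")
    if kind in ("dns", "connect") and image in BLOCKLISTED_IMAGES:
        hits.append("Blocklisted process makes network request")
    if kind == "loadimage" and target.endswith(".dll") and USER_WRITABLE.match(target):
        hits.append("Loads dropped DLL")
    if kind == "dns" and target in {d.lower() for d in c2_domains}:
        hits.append("Contacts extracted C2")
    return hits


def correlate(events, c2_domains) -> dict:
    """Group signature hits by pid: {pid: sorted list of signature names}."""
    per_pid = defaultdict(set)
    for ev in events:
        for hit in classify(ev, c2_domains):
            per_pid[ev["pid"]].add(hit)
    return {pid: sorted(hits) for pid, hits in per_pid.items()}


def high_confidence(findings: dict, minimum: int = 3) -> list:
    """Pids with at least `minimum` distinct hits; locale reads alone do not qualify."""
    return sorted(pid for pid, hits in findings.items() if len(hits) >= minimum)


# Constructed events (not real telemetry): benign explorer noise, a cmd.exe that
# only loads a system DLL, and an assumed rundll32 host running the dropped DLL.
SAMPLE_EVENTS = [
    {"pid": 1300, "image": r"C:\Windows\explorer.exe", "type": "regread",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 2244, "image": r"C:\Windows\System32\cmd.exe", "type": "loadimage",
     "target": r"C:\Windows\System32\kernel32.dll"},
    {"pid": 2300, "image": r"C:\Windows\System32\rundll32.exe", "type": "loadimage",
     "target": r"C:\Users\Admin\AppData\Local\Temp\torpat\micropublishing.dll"},
    {"pid": 2300, "image": r"C:\Windows\System32\rundll32.exe", "type": "regread",
     "target": r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language"},
    {"pid": 2300, "image": r"C:\Windows\System32\rundll32.exe", "type": "dns",
     "target": "babysoftletirs.com"},
]


if __name__ == "__main__":
    findings = correlate(SAMPLE_EVENTS, C2_DOMAINS)
    for pid, hits in findings.items():
        print(pid, hits)
    print("high confidence:", high_confidence(findings))
```

Keying on the pid rather than on the image name is what keeps explorer.exe out of the high-confidence list: it trips the locale signature like the malware does, but it never loads a DLL from a temp directory or talks to the C2.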

Tasks