General

  • Target: clock_in.msi
  • Size: 720KB
  • Sample: 221205-x39xyaha58
  • MD5: 67d8f0f4203f74c7dc9c3ea8a00ab6b8
  • SHA1: ca6fd6caed882f183bc25963c4ea7f11923d7680
  • SHA256: de81ef356acc2e199252f8fe2a894c36c6e327d5efd3abaaa7df477f3942e33b
  • SHA512: 3b71d35bd608d6f1b970faeb641b9347dd48f686295b18ffac96f121c227c203527892ef298705687a9084bd2aca2171b23d52316c337891a63ef00e85c1b366
  • SSDEEP: 12288:QwHL0D7lkCPumy9chfA+tl8B0igC+/NHBh1SMHs:lHL01/zyt+b8BtZKBzSE

Malware Config (Extracted)

  • Family: icedid
  • Campaign: 787509923
  • C2: kamintrewftor.com

Targets

    • Target: clock_in.msi
    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
    • Loads dropped DLL
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry, T1012 (2)
  • Peripheral Device Discovery, T1120 (2)
  • System Information Discovery, T1082 (3)
