Resubmissions

  • 04-02-2023 01:15

    230204-bl8snafc9x 10

  • 04-02-2023 01:06

    230204-bf6q4sca55 1

  • 03-02-2023 20:12

    230203-yzcnpsba58 1

General

  • Target

    view.png.dll

  • Size

    291KB

  • Sample

    230204-bl8snafc9x

  • MD5

    6b1e64957316e65198e3a1f747402bd6

  • SHA1

    f4df8c9d37a76eadf1125a74865032d83920123b

  • SHA256

    fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe

  • SHA512

    dfc44776ec1bef64531228f9894e22a6f84a3009382044265ae51fb9cc664e8565516a3c969860548256a225902a2129709859269121f6c1ee784fc56194d2ff

  • SSDEEP

    6144:DaP0aNyfRYkalElFD5EX7ZEL1PJ07ohmfTSf420:DU0aYRrzDSX7JoU20

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    3954321778

  • C2

    ehonlionetodo.com

Targets

    • Target

      view.png.dll

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request
