General

  • Target

    NEAS.5f8bb53913d475e5f1f82d4fdc70f820.exe

  • Size

    328KB

  • Sample

    231016-wz667sdh8x

  • MD5

    5f8bb53913d475e5f1f82d4fdc70f820

  • SHA1

    4e8929375e4b845191efe2206085d34b31759965

  • SHA256

    347ae21ab28f50dc3575dfa9625823de77125cda644db11940374cca505878d8

  • SHA512

    6c1665f8527ae003d4b17c125dfacc4b87462009aad419002b6681b7a02cf16d6db751cb4d97e684d9c27f102b0688b3765a8d31e60aa94b9b924540a0e27ef5

  • SSDEEP

    6144:uN/F41OWGRkFtwxW6spj/JbUaeboh6EReEUHFmUJkE2PFXl2VuwsRBA:u5FCOWGRayW6sAowXFmUJk9bY

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    361893872

Targets

    • Target

      NEAS.5f8bb53913d475e5f1f82d4fdc70f820.exe

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Loads dropped DLL
