General

  • Target

    Doc-2023-10-19-7387.iso

  • Size

    1.8MB

  • Sample

    231020-jgr84sgh53

  • MD5

    6a7fe58585668185b94cc9b1df9965a0

  • SHA1

    6aaac8babf4c5422edeada73145e069d332fb8cd

  • SHA256

    d45926be94654cd4c4fa827b90c85eb1f6fd4a7940e479703939171bf19be148

  • SHA512

    0212aaee893c8dfa7f92c0e88201aea7344d98c4fc1bb51127ec5b71e043afd81e731b12c82e34c8924754b30fb16f9746e57d43e9685ddb6358c742aa87f34a

  • SSDEEP

    6144:hZ4gPlUMNfNBepnXotTcHF4lFhl5d39rIX/ZZQkd:hbWMN3eKtTclMFhfdtc/ZKW

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    2478295045

  • C2

    mistulinno.com

Targets

    • Target

      CLICK-TO-OPEN.lnk

    • Size

      1KB

    • MD5

      52bf72e4cedbb392836027e06c42d4e3

    • SHA1

      1c908eca7ea187182518f9460a5427bd0fee5729

    • SHA256

      7be1b1a44c955df440f0af5a0300f0c810fbfe453c575e3ac22f48a23d0d6325

    • SHA512

      3dee031c8ae24aca64c903e56156d9d618d3dbf320c211aed38ea401048635f5df32e91615cbcf1df1b4360e9e7c36e6dee268f60bff5557c4674ac9c2ec35a0

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      consequuntur.quia

    • Size

      666KB

    • MD5

      ac4aecda0695f60103bad93e1e6f69ac

    • SHA1

      fc3d0e0c3173dcf5676dfcf05ba7ac664f3f5ab1

    • SHA256

      6a2049b5f40e9c8a100616ed813a427bbb3c570822bd03d3d30ecb936b0b30c6

    • SHA512

      dbb2bfbd720540659465c9a2e65b3637a2851ae85966d81712b3844a0516ea3b3d32f92957cb35b48a58d6788524bf2580796de63e90b04295450f245151befa

    • SSDEEP

      6144:GZ4gPlUMNfNBepnXotTcHF4lFhl5d39rIX/ZZQk:GbWMN3eKtTclMFhfdtc/ZK

    • Score

      1/10

    • Target

      eum.bat

    • Size

      66B

    • MD5

      b4abe89395a93931b2bebf7b120ec6b1

    • SHA1

      5a85d3a3afc7fdbd3c8352183bf18c6388b4189b

    • SHA256

      4fe205c5206e15779436e071638b8d7ce71ad0e50271460a7ebe7b5c1b838b3f

    • SHA512

      8ebfdac28f0ce810b7b2118b955bab323cfa33ef97e5b93f02bcbebcaa85b1d21845bd3bb238504e283d448795f7a394a81778e5265d7a6c61cfc8070ee78091

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Modifies Installed Components in the registry

MITRE ATT&CK Enterprise v15

Tasks