General

  • Target: 24d50b8e2e2404b32ecf99f5071457e5
  • Size: 30KB
  • Sample: 231231-c57kdabed9
  • MD5: 24d50b8e2e2404b32ecf99f5071457e5
  • SHA1: 0a5c4057c36202304c9ae2b47cf5769ae6b73873
  • SHA256: 27fe8f2fb4544c471bf73d5ffd0dd75a32c30d7ebdf39d6eea2fc760d12c1b8c
  • SHA512: 4f79d66168596fc653b376472f0bdacf964a07d27eb6db2036bb13630a8ce5676ac6598c85edb3e8978e524b722d4ae935bb387f8c9b7c6fc2f0ecfeaf80fa68
  • SSDEEP: 768:a9Leb5UIQIGDUeyd9BWYh3eMTUcDvD9+5XcXRBESgqykx9:a9LG5RXOoJ3pUcDrEVcXRBOqX9

Malware Config

Extracted

  • Family: icedid

Extracted

  • Family: icedid
  • Botnet: 453491619
  • C2:
    bomberfiller.cyou
    fekoliture.cyou
    bomminollio.co
    landingforced.co
  • Attributes:
    auth_var: 26
    url_path: /audio/

Targets

  • Target: 2cdf066be8b5278ab728277cd77b8f3f5bc042a89e4e386b3202c8c6c4be737b
  • Size: 56KB
  • MD5: 7e198bc723b2db4378fcf6bebfd8f434
  • SHA1: c1c3d7f5b2af29f855ec0da721b2008a5f9ce8fe
  • SHA256: 2cdf066be8b5278ab728277cd77b8f3f5bc042a89e4e386b3202c8c6c4be737b
  • SHA512: fd7e5951ad9564ab86facdac352c43f8f76bda79a2befa1be91d65fcaf238bd3073c94e86dedb4536b0da5b8980b0f222c3ada88644f8cc429d66bfac185db16
  • SSDEEP: 768:JCJ3ujJ2RmNyjC39wPTkb/2SD4VB6H4rFSuFy4p3qHiWtjG4rFN+:U0pN05I/54VXSuw4QJGwFg
  • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
  • IcedID Second Stage Loader
