General

  • Target

    59b3c322d96ea9484bba43e7271b8a07_JaffaCakes118

  • Size

    176KB

  • Sample

    240519-lfvnysbh9x

  • MD5

    59b3c322d96ea9484bba43e7271b8a07

  • SHA1

    7c701e74728bd495d8b3ee4c2c478b76c4c93349

  • SHA256

    7a1f440b6b21b1ddd98c2c6eb495910ad91d8097114348fbb24bb323676cb383

  • SHA512

    be6842e5ed751f6eb7a22ef9247d23bddd5594aebc45ea2f3bfd744060c684d391afbfdc3ef26c58452e5a2ccd0baa2ab16ecd044568c635a578821d206a1e98

  • SSDEEP

    3072:aPKgZsYU009yEesYZfIeIXn8DBNiAHRDmm5mNWg8e6:lgZsYU009yEW7o8DOAHRDmm5msgS

Malware Config

Extracted

Family

icedid

Botnet

1163895564

C2

aginia.net

aginia.top

aginia.in

aginia.tel

telected.com

telected.xyz

Attributes
  • auth_var

    4

  • url_path

    /index.php

Targets

    • Target

      59b3c322d96ea9484bba43e7271b8a07_JaffaCakes118

    • Size

      176KB

    • MD5

      59b3c322d96ea9484bba43e7271b8a07

    • SHA1

      7c701e74728bd495d8b3ee4c2c478b76c4c93349

    • SHA256

      7a1f440b6b21b1ddd98c2c6eb495910ad91d8097114348fbb24bb323676cb383

    • SHA512

      be6842e5ed751f6eb7a22ef9247d23bddd5594aebc45ea2f3bfd744060c684d391afbfdc3ef26c58452e5a2ccd0baa2ab16ecd044568c635a578821d206a1e98

    • SSDEEP

      3072:aPKgZsYU009yEesYZfIeIXn8DBNiAHRDmm5mNWg8e6:lgZsYU009yEW7o8DOAHRDmm5msgS

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • IcedID Second Stage Loader

MITRE ATT&CK Matrix

Tasks