General

  • Target

    61249740d1ecb3a12f4652e17c745802_JaffaCakes118

  • Size

    211KB

  • Sample

    240520-2gft7ahh32

  • MD5

    61249740d1ecb3a12f4652e17c745802

  • SHA1

    7052e7962eab69ab2e6425a10931a008d4736284

  • SHA256

    ab08d113bb0f4fb6aa96997d03853aac162f93d8e6926de224186ab35255f310

  • SHA512

    90f56a0534297b6aaacc40573121e8c46e06ad4b3be8ce1a1eaf9ac788589a00f52cc6f1939b4dfde7c278e2d18fc80ddd84a2a01a05773487ba4912b1f11338

  • SSDEEP

    6144:6ZLw/yyWMa3NIBkL6LDW8dTZdw702edvxiuYOO6umz4N:6ZLw/yyHadIBkLIi8dTL2SvguYOO1mkN

Malware Config

Extracted

Family

icedid

C2

ldrstar.casa

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • IcedID First Stage Loader

    • Blocklisted process makes network request
