General

  • Target

    6e9beb70949e08edb764bec70d8c280c_JaffaCakes118

  • Size

    232KB

  • Sample

    240524-qbyx2aef99

  • MD5

    6e9beb70949e08edb764bec70d8c280c

  • SHA1

    f873e54284fea6b0182f783960f3ed4fa270232f

  • SHA256

    9d7755e665f6a444252634488e167b54703914aac9fc7cd07a3f5b8ccf88c2cf

  • SHA512

    de9118e81f39dfd58acc973ff1be94eb028b79ac2e7105aedbb145daec1008a8bf0442f374b6d6cb8ebc34c1b19175a4edae9da6b03560a5d8619db1c9356580

  • SSDEEP

    3072:OMhhq+IsxN1ohHbhhrfKnGuFiVvYiEg5NJo2/fmBmjup9QzE:ThmTfKPFiVgi2CmBmCQE

Malware Config

Extracted

Family

icedid

Botnet

548174735

C2

aginia.net

aginia.top

aginia.in

aginia.tel

telected.com

telected.xyz

Attributes
  • auth_var

    5

  • url_path

    /index.php
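The extracted configuration above (C2 domains, botnet id and the `/index.php` request path) is what a responder actually hunts with. The block below is an added example, not the sandbox's own code: it encodes the reported values, matches them against DNS and proxy log lines, and checks a retrieved file against the reported digests. The log formats, the log lines themselves, the `scan_logs`/`is_c2_host` helpers and the Suricata sid range are all assumptions made for the example; only the hashes and the config values come from the report.

```python
"""IOC matching for the IcedID configuration extracted above.

Added example, not part of the sandbox report. The config values and
hashes are copied from the report; everything else (log formats, log
lines, function names, sid range) is constructed for the demonstration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Values as extracted by the sandbox from the sample.
ICEDID_CONFIG = {
    "family": "icedid",
    "botnet": "548174735",
    "c2": [
        "aginia.net", "aginia.top", "aginia.in", "aginia.tel",
        "telected.com", "telected.xyz",
    ],
    "url_path": "/index.php",
}

SAMPLE_HASHES = {
    "md5": "6e9beb70949e08edb764bec70d8c280c",
    "sha1": "f873e54284fea6b0182f783960f3ed4fa270232f",
    "sha256": "9d7755e665f6a444252634488e167b54703914aac9fc7cd07a3f5b8ccf88c2cf",
}


def is_c2_host(host, c2_domains=ICEDID_CONFIG["c2"]):
    """True if host is a C2 domain or a subdomain of one.

    Matching on a dot boundary avoids false positives such as
    'notaginia.net' being flagged because it ends in 'aginia.net'.
    """
    h = host.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in c2_domains)


# Constructed log formats (hypothetical, for the example only):
#   DNS:   "<ts> DNS query <qtype> <qname>"
#   PROXY: "<ts> <src_ip> <METHOD> <url> <status>"
DNS_RE = re.compile(r"^(?P<ts>\S+) DNS query (?P<qtype>\w+) (?P<qname>\S+)$")
PROXY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_logs(lines):
    """Return (kind, ts, indicator) for every line touching the C2 config."""
    hits = []
    for line in lines:
        m = DNS_RE.match(line)
        if m and is_c2_host(m["qname"]):
            hits.append(("dns", m["ts"], m["qname"]))
            continue
        m = PROXY_RE.match(line)
        if m:
            u = urlsplit(m["url"])
            if is_c2_host(u.hostname or ""):
                # The configured url_path is the strongest signal, but any
                # request to a known C2 host is worth a hit.
                kind = "c2-url-path" if u.path == ICEDID_CONFIG["url_path"] else "c2-host"
                hits.append((kind, m["ts"], m["url"]))
    return hits


def verify_sample(data):
    """Compare a retrieved file's digests with the hashes in the report."""
    return {
        "md5": hashlib.md5(data).hexdigest() == SAMPLE_HASHES["md5"],
        "sha1": hashlib.sha1(data).hexdigest() == SAMPLE_HASHES["sha1"],
        "sha256": hashlib.sha256(data).hexdigest() == SAMPLE_HASHES["sha256"],
    }


def suricata_rules(sid_base=9000001):
    """One DNS rule per C2 domain; dotprefix+endswith covers subdomains.

    The sid range is an assumption; pick one free in your ruleset.
    """
    return [
        f'alert dns any any -> any any (msg:"IcedID C2 DNS {d}"; '
        f'dns.query; dotprefix; content:".{d}"; endswith; nocase; '
        f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        for i, d in enumerate(ICEDID_CONFIG["c2"])
    ]


# Constructed log lines (not from any real capture).
CONSTRUCTED_LOGS = [
    "2024-05-24T14:01:02Z DNS query A aginia.net",
    "2024-05-24T14:01:03Z DNS query A www.example.com",
    "2024-05-24T14:01:04Z DNS query A notaginia.net",
    "2024-05-24T14:01:05Z 10.0.0.7 GET http://aginia.net/index.php 200",
    "2024-05-24T14:01:06Z 10.0.0.7 GET http://telected.xyz/other 404",
    "2024-05-24T14:01:07Z 10.0.0.7 GET http://www.example.com/index.php 200",
]

if __name__ == "__main__":
    for hit in scan_logs(CONSTRUCTED_LOGS):
        print(hit)
    for rule in suricata_rules():
        print(rule)
```

Run against the constructed lines it reports the DNS lookup of aginia.net, the `/index.php` request to aginia.net, and the request to telected.xyz, and ignores notaginia.net and example.com. Matching only on `/index.php` without the host would be far too noisy, which is why the path is used only to rank a hit on an already-known C2 host.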

Targets

    • Target

      6e9beb70949e08edb764bec70d8c280c_JaffaCakes118

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan capable of stealing credentials; it is also commonly used as a loader for follow-on payloads.

    • IcedID Second Stage Loader
