Overview

overview

10

Static

static

3

d40ab1b49c...18.exe

windows7-x64

10

d40ab1b49c...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d40ab1b49cd288ceb9e916ee64799ae1_JaffaCakes118

  • Size

    64KB

  • Sample

    240908-lggtgsyamq

  • MD5

    d40ab1b49cd288ceb9e916ee64799ae1

  • SHA1

    e34edbe081b6639f54347aa8a5f804a792af2efd

  • SHA256

    6e19add81ea292a2e62357b9929a850ec4ed16f12040f49a5bbe0f1038812c42

  • SHA512

    8cc7c518541b3741b860e299b6de61e89dce19ba7ef20285c15d9b43d6d59d42dc2c7c7b9f9b6704cf105f4e8eb8bc3a8c552734caa214359f625fe9f2393c94

  • SSDEEP

    1536:ngA2vszzHtCgBrNFLb2a3BqdY9URm4nRCoii0xGRxGThG0hGrCdb9a7ht:gAEs/tCgBrnv3BqdY9URmaRCoMGPGtGf

Score
10/10
icedid2564056318bankerdiscoveryloadertrojan

Malware Config

Extracted

Family

icedid

Botnet

2564056318

C2

sheaffic.org

memphase.com

vulcate.com

sheaffic.com

eurobable.com
Attributes
  • auth_var

    1

  • url_path

    /index.php

Targets

    • Target

      d40ab1b49cd288ceb9e916ee64799ae1_JaffaCakes118

    • Size

      64KB

    • MD5

      d40ab1b49cd288ceb9e916ee64799ae1

    • SHA1

      e34edbe081b6639f54347aa8a5f804a792af2efd

    • SHA256

      6e19add81ea292a2e62357b9929a850ec4ed16f12040f49a5bbe0f1038812c42

    • SHA512

      8cc7c518541b3741b860e299b6de61e89dce19ba7ef20285c15d9b43d6d59d42dc2c7c7b9f9b6704cf105f4e8eb8bc3a8c552734caa214359f625fe9f2393c94

    • SSDEEP

      1536:ngA2vszzHtCgBrNFLb2a3BqdY9URm4nRCoii0xGRxGThG0hGrCdb9a7ht:gAEs/tCgBrnv3BqdY9URmaRCoMGPGtGf

    Score
    10/10
    icedid2564056318bankerdiscoveryloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • IcedID Second Stage Loader

      loader
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks