General

  • Target

    dd11fb3c9d76df104dd54cab9eabc403_JaffaCakes118

  • Size

    228KB

  • Sample

    240912-z6jk9swckc

  • MD5

    dd11fb3c9d76df104dd54cab9eabc403

  • SHA1

    63f7f1b2281f82bec711ab3dc490abde5a24f288

  • SHA256

    86747b573f7f2f20d75754e073411b56e93515eba22cf5c4307a24059e662b16

  • SHA512

    1532121e4d03955f5a4c33bd622a5da09357b37448ea923dacf12ca98e77af822de1dc3af3cd773f23d175c9b1cf5c42e914b01dbd150528d62e46b738f01949

  • SSDEEP

    3072:DvbniW198DEYusGG2dIcnnhIm3fbk/1WJC6qidEIiCu8o3Bo84/X3wrbiW14:DJX8DAsGGDchISj95+CuOX/

Malware Config

Extracted

  • Family

    icedid

  • Botnet

    3940132575

  • C2

    besitxavier.best

    nazifestivo.best

  • Attributes

    • auth_var

      2

    • url_path

      /audio/

Extracted

  • Family

    icedid

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • IcedID Second Stage Loader
