General

  • Target

    e2c487a87a5be69af4a86f82317fa941_JaffaCakes118

  • Size

    267KB

  • Sample

    240915-sgykkazflk

  • MD5

    e2c487a87a5be69af4a86f82317fa941

  • SHA1

    046ce6a92833ac623769c4bee4e6e656c8d40f22

  • SHA256

    1fc02c2bbb954f1fbfee85140618025b23c6d3a8a793b28909139a43e68e6adb

  • SHA512

    a0e0002591a1f972f0e443c4586c8b25539a5e2a3f439e6534fa88bb967e38d6e158709d9b292b37bd3a527e7055196537ebd937eb9fc88e66feeed84e8acada

  • SSDEEP

    3072:WKCvsQ1ZkyvvaVj5wW760YyUu5VELUUtg7+HqOtTsTERJLGvumPOUIrLeAg0FujH:LQrkoCSvytr7UtkiBvPLiAOg3kaeXV6y

Malware Config

Extracted

  • Family

    icedid

  • C2

    wertigohol.click

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • IcedID First Stage Loader

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks