General

  • Target

    JaffaCakes118_2878be41aaeedc0ee558e795eb571a68bfd955299a855e50c2a2da0c611a3f72

  • Size

    344KB

  • Sample

    241221-1klzya1jem

  • MD5

    68e5a1ff87ce7cdc850e55526899e76f

  • SHA1

    1bb4fe13f9d07f6e91e60cb4458b90db1d0faa40

  • SHA256

    2878be41aaeedc0ee558e795eb571a68bfd955299a855e50c2a2da0c611a3f72

  • SHA512

    f3428b8c309c5eb5716b0842a0bce4aacf3079a945f6146eff53d5335079ba5e5d632802ef62b079d15418e7d9a6720f766fd667c0c004c95ea5697c0923a346

  • SSDEEP

    6144:isBaiLlIurxTbp4o8l4It2DelgQpB/lP3u21uZoXa8ZTiposUDFkPtigi976D+VZ:bwIIuxTbp4oTOgQpdlG21I89ipNc4sRp

Malware Config

Extracted

  • Family

    icedid

  • Botnet

    1525646893

  • C2

    survoning.top
    engivesci.top
    kastfiron.top
    oscanonamik.buzz

  • Attributes

    auth_var: 14
    url_path: /news/

Extracted

  • Family

    icedid

  • rsa_pubkey.plain
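
The extracted config above is what an analyst turns into indicators. The following is an added example, not code from the sandbox report or from the IcedID analysis itself: it parses the first Extracted block exactly as the report prints it (one key or value per line) into a small structure, then runs the C2 domains and the url_path attribute over a few constructed proxy-log lines. The log lines and their format are assumptions made for the example, not traffic observed in this analysis. The host check accepts subdomains of a C2 domain but rejects look-alike names that merely end in the same string.

```python
"""Turn the IcedID config extracted in this report into IOCs and run them
over proxy-log lines. Added example; not code from the sandbox report.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# The first "Extracted" block of this report, copied verbatim (one key or
# value per line, as the report prints it).
REPORT_CONFIG = """\
Family
icedid
Botnet
1525646893
C2
survoning.top
engivesci.top
kastfiron.top
oscanonamik.buzz
Attributes
auth_var
14
url_path
/news/
"""

# Constructed proxy-log lines for the demo (the format is an assumption:
# "<epoch> <client> <status> <method> <url>"); not traffic from the analysis.
PROXY_LOG = """\
1734787200.001 10.0.0.5 TCP_MISS/200 GET https://www.example.com/index.html
1734787201.120 10.0.0.5 TCP_MISS/200 GET https://survoning.top/news/
1734787202.340 10.0.0.9 TCP_MISS/200 GET https://cdn.engivesci.top/static/x.js
1734787203.500 10.0.0.5 TCP_MISS/200 GET https://notsurvoning.top/news/
"""

SECTIONS = ("Family", "Botnet", "C2", "Attributes")


@dataclass
class IcedIdConfig:
    family: str = ""
    botnet: str = ""
    c2: List[str] = field(default_factory=list)
    attributes: Dict[str, str] = field(default_factory=dict)


def parse_config(text: str) -> IcedIdConfig:
    """Parse the report's flattened key/value listing into a structure."""
    cfg = IcedIdConfig()
    section: Optional[str] = None
    pending_key: Optional[str] = None  # attribute name waiting for its value
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            section, pending_key = line, None
            continue
        if section == "Family":
            cfg.family = line
        elif section == "Botnet":
            cfg.botnet = line
        elif section == "C2":
            cfg.c2.append(line.lower().rstrip("."))
        elif section == "Attributes":
            if pending_key is None:
                pending_key = line
            else:
                cfg.attributes[pending_key] = line
                pending_key = None
    return cfg


def host_matches(host: str, c2_domains: List[str]) -> bool:
    """True for a C2 domain or any subdomain of it. A bare suffix match
    would also flag look-alikes such as notsurvoning.top, so the match
    requires the dot boundary."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in c2_domains)


def classify_url(url: str, cfg: IcedIdConfig) -> Optional[str]:
    """Verdict for one URL, or None if it does not touch the C2 set."""
    parts = urlsplit(url)
    if not host_matches(parts.hostname or "", cfg.c2):
        return None
    url_path = cfg.attributes.get("url_path", "/")
    return "c2-host+path" if parts.path.startswith(url_path) else "c2-host"


def scan_log(lines: List[str], cfg: IcedIdConfig) -> List[Tuple[int, str, str]]:
    """Run the IOCs over log lines; returns (line number, url, verdict)."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        fields = line.split()
        if not fields:
            continue
        url = fields[-1]  # assumed log format puts the URL last
        verdict = classify_url(url, cfg)
        if verdict:
            hits.append((lineno, url, verdict))
    return hits


if __name__ == "__main__":
    config = parse_config(REPORT_CONFIG)
    print(f"{config.family} botnet {config.botnet}: {len(config.c2)} C2 domains")
    for lineno, url, verdict in scan_log(PROXY_LOG.splitlines(), config):
        print(f"line {lineno}: {verdict:12s} {url}")
```

Against the constructed log, line 2 is flagged as a C2 host with the report's url_path and line 3 as a C2 subdomain on a different path; line 4 (notsurvoning.top) is not flagged. The botnet ID and auth_var are carried in the parsed structure so the same record can be attached to any alert the scan raises.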

Targets

    • Target

      core/cmd.bat

    • Size

      185B

    • MD5

      bac18ce4d5c2794b21ba4edbeb29b133

    • SHA1

      f783b8dcb137890099d2fae754aa0685c3df027d

    • SHA256

      251bc2dcfb073f229c16292b797dc08f89aa6aa91e32b44f5adb7466971e339a

    • SHA512

      9b26df943e2781ee520e0f173c5f6a3dcff5c9a06200965ed16a51c666f79330a1b30282f73ce81d9ee5cb95465f986ada272207aec3b88cb6dbb99ed27ae8b3

    • Target

      core/lava_.dat

    • Size

      31KB

    • MD5

      cbd6b1ec0c58c081d270a546a2e12526

    • SHA1

      1061c9058f1b9feefc460aaf1364d010cd0e21f6

    • SHA256

      98202a36294325c6c23d623ebcf4e2008cc2b8ff0cd8ae4a64f7e632569d05d3

    • SHA512

      2c6be10e3afed0faf9083f25acef9568cfe14ee95b7c1ce8ee2b2bfc38cb3b8c069c216a223a425f2549f5d72e1eb4ed5e512589d3094b63b821002aa5b4ff0d

    • SSDEEP

      384:gp+zb+B/pcNY3DVg27xxObguH1a+UdMBquiwHsu+H:gp+zidp0YDVgYxMguHZBqFwHsnH

MITRE ATT&CK Enterprise v15

Tasks