General

  • Target

    JaffaCakes118_21f835ee382f4e48669282b0a3acbe667ebf0146ff45daaccdd51ae713b9ae63

  • Size

    31KB

  • Sample

    241222-abfhpavnhr

  • MD5

    33f32946aef88800406db834ec6f8181

  • SHA1

    f2cf3a86629c353069854f0b93fbbe8dc6acecd7

  • SHA256

    21f835ee382f4e48669282b0a3acbe667ebf0146ff45daaccdd51ae713b9ae63

  • SHA512

    be43c1fa21cd4c2738a8137eef166ba7e747e56b847606cb070f6adf15aa3ed91af32442f30a3555a07e03d6fab3bd7ea6ac3a26beef01d5f8e61344bc6a94b7

  • SSDEEP

    768:LlLDSuadLpBgwHJJ53smg4hsmVCBUMmRS:LlnQBgwHPfNhsmVk

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Extracted

  • Family

    icedid

  • Campaign

    497724135

  • C2

    ovedfromasi.top

Targets

    • Target

      415abfb2785209977e7293d58e6ec29345a1be9dc343ae69f17e96c5346f9fe7

    • Size

      70KB

    • MD5

      dc79488b73f6e411302d08abf1f9bddc

    • SHA1

      3dfcc55455437077a3b91347cdd7dd30fd047244

    • SHA256

      415abfb2785209977e7293d58e6ec29345a1be9dc343ae69f17e96c5346f9fe7

    • SHA512

      34dab5c2e7137e035b7e6ff031959e4ce2c29a0f7be3384ca9af9a87b0f0c1d69abeab7a612d46c2b7da837dc9cf22a04b6209656602e9d0274dd8c59b3a683e

    • SSDEEP

      1536:TXUu70LgnxCl7f/3jWCgiMthg8Mi3lHg9gIgmfgCjMiAOqTu/+vXWPbge96LI4hH:TwL6C5fPKCNAXMixmHBfFzmu/mAbgwuh

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Icedid family

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks