General

  • Target

    JaffaCakes118_4b0e50204999c44b9f7d7fa88aac013056c0e9fe63d88f37e1e7a3212a001a12

  • Size

    421KB

  • Sample

    241222-xhhyqawmdk

  • MD5

    635b2a3facba50cfcc5257cb1ae764c8

  • SHA1

    8a55ab05ebb316fbc692cf6bc92810b7087e6367

  • SHA256

    4b0e50204999c44b9f7d7fa88aac013056c0e9fe63d88f37e1e7a3212a001a12

  • SHA512

    bf901c1ee5ba0b3330756e93d3eb611170b7f6b93cc62cc31768d714c95aa9f528556bd39a5e343b86bca8164ca3cfa2eceee2c462a267f6c5fe27fb3c9ecd9e

  • SSDEEP

    6144:oNggYNDa2pSkvClhIuW+eShWcIAxuqetIP0XxgHcDlZh/bs/92kxPu4G2TV2nwt:oNpabgIuvpFeiP0XKvpx4AV2M

Malware Config

Extracted

Family

icedid

Campaign

1842176049

C2

carismortht.com

Targets

    • Target

      33667344.dll

    • Size

      734KB

    • MD5

      a1f7315db077f4439da7547f1157245d

    • SHA1

      adcb94e14189aacbe2486a77ef9a4026db1384b9

    • SHA256

      8b6fdabfcc653d84055464fd6d924fc931a7468fc362433569d74f65bad8e1dc

    • SHA512

      71dcb2133815f1903c31d6e720af2cefec9e77b58be000a8d359e7c682ba86862f303c74727e3dc9ebd2b30bb37d95da189aa774870d9bd24e50adad6c1a5cf4

    • SSDEEP

      12288:5OdHHQXI2BzQv5Z9KIiZ0tQElmREXDY7Rmy3MNpI4W7bBMM82DnwazPzM+i:5OdnQXjyBLKphEPDYVWf5+bBM3aNzPzd

    • Target

      INV87162.txt.lnk

    • Size

      1KB

    • MD5

      eee800539317857be2814e2961f5786b

    • SHA1

      3b4031af710ea8116b7ae0c405182055b263441c

    • SHA256

      9ba435872f1ef090c6eb506fcd7c07d903b8c7a26e772e8b1046f312258f5a04

    • SHA512

      c5610f208d67274d59a391ce80f3358b3bb3c83297f34029a89c2e34f687940d1cd064abf0b41dc264fec8fbc36e61c08329896d42bdae9a765048ae2edd3cbd

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Icedid family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Target

      UFbjRkMGfw.ps1

    • Size

      59B

    • MD5

      219543beb2dbd3dd4a38133cb4cf5d62

    • SHA1

      a9f3bca1e95a8013e54a327ab471fa90f4d6fdec

    • SHA256

      ff4878fee00d54134fffa5ca90af7ec4892d7397dafe5ad8a319ab83f9b594ae

    • SHA512

      adfc8567036636ebcbd46d860eacdf55edaff7a56af5a65f0c4695fe2698fa8bc5c7afa1b75126450417516851b500bb3b8d1a1211dae279d6ef95c1621aab26

MITRE ATT&CK Enterprise v15

Tasks