Overview

overview

10

Static

static

countViewSelect.hta

windows7_x64

10

countViewSelect.hta

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    countViewSelect.hta

  • Size

    3KB

  • Sample

    210506-acpfav6n1s

  • MD5

    a1f07f22e32902cf1c2493e3886e4ee6

  • SHA1

    af0d2e3e25b4c406b6f43585a66b2b2e7a4d527c

  • SHA256

    1b61d75451a001135e801d87d846f97819c3bb43419d95bacbe5c5593632ffc2

  • SHA512

    afe32dc8f0477df39a0f0327eba321a3a37cc114bb8c4e4a4e689038c2cec438a819b29f33c415acf2166197e70ff43363bf11f17be09dd5c711b3dac4df62d7

Score
10/10
icedid2941843931bankertrojan

Malware Config

Extracted

Family

icedid

Campaign

2941843931

C2

dsedertyhuiokle.top

Targets

    • Target

      countViewSelect.hta

    • Size

      3KB

    • MD5

      a1f07f22e32902cf1c2493e3886e4ee6

    • SHA1

      af0d2e3e25b4c406b6f43585a66b2b2e7a4d527c

    • SHA256

      1b61d75451a001135e801d87d846f97819c3bb43419d95bacbe5c5593632ffc2

    • SHA512

      afe32dc8f0477df39a0f0327eba321a3a37cc114bb8c4e4a4e689038c2cec438a819b29f33c415acf2166197e70ff43363bf11f17be09dd5c711b3dac4df62d7

    Score
    10/10
    icedid2941843931bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks