Triage | Malware sandboxing report by Hatching Triage

Resubmissions

09-12-2021 17:57

211209-wj1dqaeedq 10

06-12-2021 09:45

211206-lrasxsgeh3 3

22-11-2021 13:35

211122-qvrytsfehq 3

Sharing

General

Target

2.exe
Size

177KB
Sample

211209-wj1dqaeedq
MD5

20478d2d2b86e6c8c9da84af39fd652b
SHA1

f9c926efee370218d0d82dd75e703f46355e6018
SHA256

33fd2f2b2053150f21129807c381d38874c7622d207a8d036782db82cc61455b
SHA512

a348e4d5245b6aff3242f02f66415874a6380fa26740ed18ff2e995a87a386acc2e93182066abc3d6e7dc253909ed79099db70209ca38f779adb7fe67c78b613

Score

10^/10

icedid 862604275 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

862604275

C2

nchestothe.ink

Targets

- Target
  
  2.exe
- Size
  
  177KB
- MD5
  
  20478d2d2b86e6c8c9da84af39fd652b
- SHA1
  
  f9c926efee370218d0d82dd75e703f46355e6018
- SHA256
  
  33fd2f2b2053150f21129807c381d38874c7622d207a8d036782db82cc61455b
- SHA512
  
  a348e4d5245b6aff3242f02f66415874a6380fa26740ed18ff2e995a87a386acc2e93182066abc3d6e7dc253909ed79099db70209ca38f779adb7fe67c78b613
Score

10^/10

icedid 862604275 banker suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

T1112

Install Root Certificate

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

icedid862604275bankersuricatatrojan

behavioral2

icedid862604275bankersuricatatrojan