Overview

overview

10

Static

static

ACF84EB0E0...2C.exe

windows7_x64

10

ACF84EB0E0...2C.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ACF84EB0E00079CF0B3601554EBD3D31B3B1B73EA212C.exe

  • Size

    310KB

  • Sample

    220222-wcxz1sbge3

  • MD5

    bf6d16644fd75fc2998358a95dffface

  • SHA1

    e2d530ef0eaf32deee0be90bf17f4b436a815f7c

  • SHA256

    acf84eb0e00079cf0b3601554ebd3d31b3b1b73ea212c4ac55a1d715c72759cc

  • SHA512

    a1f52e3b19a3d38e457abfcf81897047ab9db690085bd68a334372069988bea2d33b1590ecde309548e0b94de990246ce3230853894a6327de1af7e35ec17514

Score
10/10
icedidsmokeloader1843818144backdoorbankerloadertrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://nahbleiben.at/upload/

http://noblecreativeaz.com/upload/

http://tvqaq.cn/upload/

http://recmaster.ru/upload/

http://sovels.ru/upload/

https://oakland-studio.video/search.php

https://seattle-university.video/search.php
rc4.i32
rc4.i32
rc4.i32
rc4.i32

Extracted

Family

icedid

Campaign

1843818144

C2

grendafolz.com

Targets

    • Target

      ACF84EB0E00079CF0B3601554EBD3D31B3B1B73EA212C.exe

    • Size

      310KB

    • MD5

      bf6d16644fd75fc2998358a95dffface

    • SHA1

      e2d530ef0eaf32deee0be90bf17f4b436a815f7c

    • SHA256

      acf84eb0e00079cf0b3601554ebd3d31b3b1b73ea212c4ac55a1d715c72759cc

    • SHA512

      a1f52e3b19a3d38e457abfcf81897047ab9db690085bd68a334372069988bea2d33b1590ecde309548e0b94de990246ce3230853894a6327de1af7e35ec17514

    Score
    10/10
    icedidsmokeloader1843818144backdoorbankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • IcedID First Stage Loader

      loader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks