Overview

overview

10

Static

static

data.dll

windows7_x64

10

data.dll

windows10-2004_x64

10

documents.lnk

windows7_x64

10

documents.lnk

windows10-2004_x64

10

Resubmissions

25-02-2022 08:32

220225-ke9wtaggfq 10

25-02-2022 03:35

220225-d5e1ssffhl 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    invoice_113.iso

  • Size

    668KB

  • Sample

    220225-ke9wtaggfq

  • MD5

    0bbd25a272eb9e52bdab9dcc00ad5bbd

  • SHA1

    64ae08845a81602c7af81e87e7dd831b24646f36

  • SHA256

    72de75436e7d29d3799e1cea245d640cfb8e10b75945dbc71f204b1f8fbdf8c7

  • SHA512

    ccc334f41ed56f14aef931af78f750ab18c17acd89ae92d70493b9f16c49d87b6198ec060ab5d9f62fcd59182689c988f1934c044935563bf05275fa439eb24a

Score
10/10
icedid952864090bankersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

952864090

C2

biglaneat.com

Targets

    • Target

      data.dll

    • Size

      604KB

    • MD5

      20d612a116723260153f17302d5b1266

    • SHA1

      b6f7710879f456c9c318e2fd743e9e72cd8eafb3

    • SHA256

      607920e9ac71d98a9a96c8114b6a24dbdcd737250a7ee912559b59e4276b640a

    • SHA512

      ce97ea9b70bd8c19060efc5dc53fa6f96eccb628c97e6843bd8ed677463567ba98d1b43cc0174ed168b5f95a347c1c1f5678c06c1dcfa1f36905dbe8afcc2b59

    Score
    10/10
    icedid952864090bankersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata
    behavioral1behavioral2

    • Target

      documents.lnk

    • Size

      2KB

    • MD5

      c754f3d9cdca9c58f7b9d0a486e4d388

    • SHA1

      078f05b78e7a83ab17d9b35edf195c10f0d5750c

    • SHA256

      a689b27afa67609b9b73465c47f927a12c470b32d8a340552d5f85499501a757

    • SHA512

      cc4af4a8994da26f6daacf1243bb85df0995eccb90159df66e94af0e4e9fd3df401e35a57254efe9bc10a45867dbbdcb3335391f4d5da8b2dcfbe31980e23ebf

    Score
    10/10
    icedid952864090bankersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks