Overview

overview

10

Static

static

invoice_101.iso

windows10_x64

3

document.lnk

windows10_x64

10

main.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    invoice_101.zip

  • Size

    748KB

  • Sample

    220311-vk628addfj

  • MD5

    b9e3f89ca8d8e233ef2847183c70ae0f

  • SHA1

    211ccf6cdd6401d9bf33d6d661eb42633c38fb81

  • SHA256

    c154e3c6d04236e940af9e4ca1f5b44e354edba99ca6a6948e4c205fc73b6a14

  • SHA512

    9b62742a1dde581b0c1cc1f6b3524a13c14c97f5541234c4e20b31f0c2e661f89cb3d24939db74f1ca34fc51c8bb78b0f315cb58b127466a11eedeecc0db4910

Score
10/10
icedid2401334462bankersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

2401334462

C2

emicthatmov.top

Targets

    • Target

      invoice_101.iso

    • Size

      1.3MB

    • MD5

      f8de85c24adbe7e2cdbc4e0f34c5e2ed

    • SHA1

      2db699ce6d2248ae7a5b09f75f7e592bfbd313be

    • SHA256

      4650d948ad7d491073debf27356d91774abbe5f355f4b2fd9ccea59cfd0b0de8

    • SHA512

      5834fe3010e286ca0818cbe022e0bdf58f35aafb4d8943901e723e34dc8f610a782d4bda86eb0fab3179f5c69b0e07c35744512c192e577aaf8e16be2df28122

    Score
    3/10
    behavioral1

    • Target

      document.lnk

    • Size

      2KB

    • MD5

      a7ec43a3bd10d95a788f79c20ab8796f

    • SHA1

      5c165fedae74c0ef60104772dc82f34520e1ff6f

    • SHA256

      a17e32b43f96c8db69c979865a8732f3784c7c42714197091866473bcfac8250

    • SHA512

      69eb3fd86ddf68e14f37dc7e862a9accf389b64c2a009c292da324bb63414453b51c6206845a1c364df0658288265a111900bbd09a50a920788dda67ccd6f2b2

    Score
    10/10
    icedid2401334462bankersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata
    behavioral2

    • Target

      main.dll

    • Size

      1.2MB

    • MD5

      54a4016cf2d929ccea9ef47efbd96542

    • SHA1

      b761fd0ff2a4f4394191e8a9bce4c586f131b8f0

    • SHA256

      4bbd73e64d3fea6e61c91d419a0014985bd058d9adea2a7b4e863867aa79435d

    • SHA512

      8fa4b15b7efed88810060f222ae5bb9248be9dd8145a329fe3f3494278d8e4826fd36948443cd3d568f55ab951dc1b9c96090c643abb1292036966357f1d63e3

    Score
    10/10
    icedid2401334462bankersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata
    behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks