Overview

overview

10

Static

static

document.lnk

windows7_x64

10

document.lnk

windows10-2004_x64

10

main.dll

windows7_x64

10

main.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    invoice_202.iso

  • Size

    1.3MB

  • Sample

    220312-rz1xzaaffq

  • MD5

    36d56c473734e20aa63e7255dce47b5c

  • SHA1

    e1bf98b73dbcc087af59ba04341fa1e1066547c6

  • SHA256

    9e32d82f6649df430b1a3c7b50cd2dd2e3a55f1262b17ffe9df889c1cad4f641

  • SHA512

    001053251897e51b11ff6471e283d757b0fbb324931a96b6c4a74d39d6d9373f60169cc09f0c1ac6fd5fd8cf711c7691623f0190051359cdb179905da7ee149a

Score
10/10
icedid2401334462bankersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

2401334462

C2

emicthatmov.top

Targets

    • Target

      document.lnk

    • Size

      2KB

    • MD5

      a7ec43a3bd10d95a788f79c20ab8796f

    • SHA1

      5c165fedae74c0ef60104772dc82f34520e1ff6f

    • SHA256

      a17e32b43f96c8db69c979865a8732f3784c7c42714197091866473bcfac8250

    • SHA512

      69eb3fd86ddf68e14f37dc7e862a9accf389b64c2a009c292da324bb63414453b51c6206845a1c364df0658288265a111900bbd09a50a920788dda67ccd6f2b2

    Score
    10/10
    icedid2401334462bankersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      main.dll

    • Size

      1.2MB

    • MD5

      e837721973bddc2555f675f89c6121fa

    • SHA1

      5f03d305a3326fd0a7417b3a1d91e310db892f4b

    • SHA256

      2c1e2e0a9ea8e180d9323229d780590df4bd1a90781e6eebc85d9c9b0b5f41c4

    • SHA512

      fdb649c3b3f0cf36f77776fd059e6a5f19be79b2bddd66615d69b0f2633f2ee65a8ddaca3a474c899640fca1243b8f6791b89bc495c27c54929e745f134b0a50

    Score
    10/10
    icedid2401334462bankersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks