Overview

overview

10

Static

static

dar.dll

windows7_x64

10

dar.dll

windows10-2004_x64

10

document.lnk

windows7_x64

10

document.lnk

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    docs_invoice_180.iso

  • Size

    214KB

  • Sample

    220324-ke5bbseea9

  • MD5

    746d58e8b1b4c45a3acbc16b5b0e7921

  • SHA1

    a3c2e1913038c237d40c5c60a543d60ac3e26ac2

  • SHA256

    2c84b5162ef66c154c66fed1d14f348e5e0054dff486a63f0473165fdbee9b2e

  • SHA512

    8c2dd6edae208d8b341b5586176cea3664425828ec80768f6248c0010dbf0637e5725fd1a3120492ccf9105a27c0c66078a1525accf78fad69c868b9ec21161a

Score
10/10
icedid3529509686bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3529509686

C2

oceriesfornot.top

Targets

    • Target

      dar.dll

    • Size

      150KB

    • MD5

      1a1d439cc755dfada04e44cc5fdf9f42

    • SHA1

      c56216e9f4785e6ebae071a4993db76c30503cbf

    • SHA256

      3ef172523e0ca0c357217012beb3fba3f3a0db7b6ad9caf1d5ab0df5beff60fe

    • SHA512

      905533a3fedd86b5347b54f648decdf4dcea6b950e550f309979b42d0d5eee99ba8f395807943eb0952435a95bb3c811bbb48fd3972f6333cfa0bd823e19f4c1

    Score
    10/10
    icedid3529509686bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral1behavioral2

    • Target

      document.lnk

    • Size

      1KB

    • MD5

      adf0907a6114c2b55349c08251efdf50

    • SHA1

      aa25ae2f9dbe514169f4526ef4a61c1feeb1386a

    • SHA256

      3bb2f8c2d2d1c8da2a2051bd9621099689c5cd0a6b12aa8cb5739759e843e5e6

    • SHA512

      12d8f47079c712c0fd231ddb5dd7669e1345a3c1f531732b5ecb35895c98acbfb7a5fa49ca63e71084378355646baaa7bf8b3e10edaddf71d58a7ccde9c7f896

    Score
    10/10
    icedid3529509686bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks