Overview

overview

10

Static

static

document.lnk

windows7_x64

10

document.lnk

windows10-2004_x64

10

minro.exe

windows7_x64

10

minro.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    documentation_90.iso

  • Size

    188KB

  • Sample

    220330-awp8maheen

  • MD5

    95b04d57695be395ed56f730104451df

  • SHA1

    95c7769eec905fbcbd1f01d72bcee7c745146e85

  • SHA256

    214a1fe5ec01b87f0021e673ca5b15c82eab2285b75fbbd6b3850d00168da487

  • SHA512

    c70422c357d71f652aa7dc2a44fd8ca47738ff2c5941e3c66e6b2d4ec5add0845f01ece69e922dba3941d225a41c41418d3ba92a04ba40dbb00c9dacd8c0a0db

Score
10/10
icedid1666752692bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1666752692

C2

ritionalvalueon.top

Targets

    • Target

      document.lnk

    • Size

      787B

    • MD5

      dd257d13be37e393439a8bcb10d543a6

    • SHA1

      aeb270d6d09431684c08d3a6c4d13189ab878f5a

    • SHA256

      38a5e4650d1d23bc568aa762695799bdd95631c9c56b03d0272e382c4353e16c

    • SHA512

      84ff66f0cbc666794799f88b6c35d0340a17ee07d257b05caef5cf2e03b6e94f1539906b71e79a5b9e3f477a3becc135ed106c3446150858315415ca5987296b

    Score
    10/10
    icedid1666752692bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • IcedID First Stage Loader

      loader

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      minro.exe

    • Size

      124KB

    • MD5

      6187867745754121e5b29c16e05e6164

    • SHA1

      daeb28c0e2db1dd78caff0d4b9d863d1f8656e47

    • SHA256

      617e0f57f4283ca044003326663b5614d66f97e16bccdd8bec1321fad44a7195

    • SHA512

      88b04366e121c02bd6f74f1ff5f305a87e91eb97b00ee4dbbe84761e407e26b3af262b84f9f47fc87a7277c334106a93bd7ba75a1a40f3b82b6c0f418adb3d02

    Score
    10/10
    icedid1666752692bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • IcedID First Stage Loader

      loader
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks