Overview

overview

10

Static

static

1d8bb9ad72...95.exe

windows7_x64

7

1d8bb9ad72...95.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1d8bb9ad72663a648e97e982181c3b34563c3a7b438f6ec11814a4b7f255bc95.7z

  • Size

    30KB

  • Sample

    220513-awl6zaebgr

  • MD5

    cdd82a4e54f464d7ade2e672cd72ad26

  • SHA1

    e784adde2152fd8db90e9cc07e88045f49a8dac6

  • SHA256

    d67ba0a3ca036878173f05263974d2ddc3b4dd8eb853f480153698b596bcd37c

  • SHA512

    08efe5326ec1abbae49a495781547452f5df91efe74ff5e31b7d4ee15ae36ee0dd5c5e8bf378ee7d53af3ad48218154317419e0ff8cea1852c1d402911f2afd2

Score
10/10
icedid3055369807bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3055369807

C2

yellwells.com

Targets

    • Target

      1d8bb9ad72663a648e97e982181c3b34563c3a7b438f6ec11814a4b7f255bc95

    • Size

      83KB

    • MD5

      a9a09b7690af936793d55af919f1725d

    • SHA1

      5f8b2c4715f45357e3e2376e309a472683086829

    • SHA256

      1d8bb9ad72663a648e97e982181c3b34563c3a7b438f6ec11814a4b7f255bc95

    • SHA512

      a51725e82169d8369e722fd602134f2945073cbeedb800d440caf3d08204025eb79ccc9f82afc5c4be8235571ee5929f88ed384c2cfb101419caa891114bede7

    Score
    10/10
    icedid3055369807bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks