Overview

overview

10

Static

static

documents.lnk

windows7_x64

10

documents.lnk

windows10-2004_x64

10

mi90o.dll

windows7_x64

3

mi90o.dll

windows10-2004_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mi90o.zip

  • Size

    212KB

  • Sample

    220518-jx8wssacaj

  • MD5

    229476bd0abdc3dbcad71f86eb4fc664

  • SHA1

    c6c59e8d33fc2105234d88dcba378473de3d40ba

  • SHA256

    430c736b3112dae51f0e93ac1120549a6cb453b52f6036e1d086a93afefc858b

  • SHA512

    ecdb89eb63a4c673a922ed5f1d30ef9ad1bc689fe7d406ea6014571804dacd383f7e14d94356af23c446d74fbb1bf245ab36ca2256c9dbcfd0bc5ff0940d6c4f

Score
10/10
icedid3068011852bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3068011852

C2

yolneanz.com

Targets

    • Target

      documents.lnk

    • Size

      1KB

    • MD5

      fb7d17b5ec787f604a1c1a444ac13c03

    • SHA1

      a72296fd3b7d5225a368ae3be57db9209315e1d7

    • SHA256

      4ed0e46236e39c6efe3f1f96d6a1e3a5cc60b7bcfabe560823b141dcef4c66de

    • SHA512

      1ffc5007e14aaacb9cafd31614a7f8fc9654f3c655cb5c167dd10c0a79e4703db902763ddaaabd8277e2c4849bbcabf30587123708e24343815874e61109ae1a

    Score
    10/10
    icedid3068011852bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      mi90o.dll

    • Size

      486KB

    • MD5

      0ad0a1a3bfc696759bac79077654aa8a

    • SHA1

      38bea715a0c8642e0d67213be6206bbe4b9afc44

    • SHA256

      a8058555e8b476a0975d103228ec26b53cd71dac34d21f58acfc395a38acdb1d

    • SHA512

      dd1588cbe8ac2915f0953976e8f5c837c1bb5fb7cf484fdeb46ba99ea070a0093a440cb876a88b909bd170502218d6fa52bf1c693611e9b973e53c870a3bc6d6

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks