icedid | 9646b87a32e3a271b4e36a73a8b9d1742035a0edbcdb11b00f85e3e13178a597

Resubmissions

25-05-2022 19:16

220525-xy9rdacee9 10

23-05-2022 22:23

220523-2bae8ahfb7 10

23-05-2022 22:09

220523-12vneahef3 10

Sharing

Copy URL

Twitter E-mail

General

Target

a0fa7f6e03e5d3fa5adfcd5dc1e85354-sample.zip
Size

1KB
Sample

220523-12vneahef3
MD5

a3cdbef698dbf2dc5dfc4901ce8b09a5
SHA1

b4a3f0d41a5f8baab16d298aecc0c4fcf7eec051
SHA256

9646b87a32e3a271b4e36a73a8b9d1742035a0edbcdb11b00f85e3e13178a597
SHA512

8c6d0212c30fabc312aafffb7dcc9d9f6a33d8d774020c63fd17174334d433730541faf04d5bfce701e5d8e69d4d68a2aa20ac495f2f4ce3edc3980c0c381876

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://conderadio.tv/09872574.hta

Extracted

Language

hta

Source

URLs

hta.dropper

https://conderadio.tv/09872574.hta

Extracted

Family

icedid

Campaign

109932505

ilekvoyn.com

Targets

- Target
  
  Invoice_1.lnk
- Size
  
  2KB
- MD5
  
  c00c67f3de031c5ae198ba0362b5dd01
- SHA1
  
  40f3b0263f8fccdf1fd5fe287dbd55829a8eddd6
- SHA256
  
  d146c8bc52ec74b67704b30c0fb20995ba65770d191502f70c88c262dc44fc5d
- SHA512
  
  4944aa5947667500eddb4d7fed5b0a8eb4d14db1d60496fcbe38c4032511b04c92757807a23dff49353f5ee75a5ed44cc5de9ed7cdcd12b59a7b8c9214e227ad
Score

10^/10

icedid 109932505 banker evasion loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- UAC bypass
  evasion trojan
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

IcedID, BokBot

UAC bypass

suricata: ET MALWARE Win32/IcedID Request Cookie

Blocklisted process makes network request

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2