Overview

overview

10

Static

static

267-3099-39.lnk

windows7_x64

10

267-3099-39.lnk

windows10-2004_x64

10

54267-876-8676.lnk

windows7_x64

10

54267-876-8676.lnk

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoices.img

  • Size

    58KB

  • Sample

    220523-wpthcsdddl

  • MD5

    49dfa24dfad1973135b2c7c59c2fdfb5

  • SHA1

    8bb33c663a0639f4a4d9544c82fb883d7c8ccc93

  • SHA256

    c88f8fe20ad9910200377a94c939be0bbfa16889b5418dfca1fe0fb4fd03973c

  • SHA512

    19d5142c907d190d29d7a2fdaa6b8ae352486d0f803eac59c1bfa74003eeb0c5e430370fc09470fad4726a02bc0b7bf918e5aebf365cf74ba5aa63dc3783b87a

Score
10/10
icedid109932505bankerloadertrojan

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

https://modhub.com.br/upload.hta

Extracted

Language
hta
Source
URLs
hta.dropper

https://modhub.com.br/upload.hta

Extracted

Family

icedid

Campaign

109932505

C2

ilekvoyn.com

Targets

    • Target

      267-3099-39.lnk

    • Size

      2KB

    • MD5

      d940f57ff05d71eb52b1c1ab693edcf1

    • SHA1

      4da1c51a0cad571c6121a62ffb4b837135809e5f

    • SHA256

      2599c81a8c6e1b8682085a21735631e86ae4450db88dc82ac568424c0a7ed5ad

    • SHA512

      c0ad443c81a32bdcc4674f66e228067c87fc53027a9839b3dbf3b82711b68a9a9d698a1d08472f36cfe14ae10ec518d5ba68fd91b5e980d7b35e8125c5511e13

    Score
    10/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      54267-876-8676.lnk

    • Size

      2KB

    • MD5

      9edabe11d846a6de5d337e737d24e85c

    • SHA1

      26f63aac40c4e9f459a379eec94a258b604f582e

    • SHA256

      4b582f38e3376346cb066e36ff8dfa32b268154bb2de13870702e8bbf366a023

    • SHA512

      5e88d418cb26f4bfd7bf5d1b2dbf31a8f026bbf29c760919d2986c883de6067df75c5eb8ca790a2c4a7ef09b87a2c6ba1b62e57e76fc3b32af633317639c6f0e

    Score
    10/10
    icedid109932505bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks