Overview

overview

10

Static

static

documents.lnk

windows7_x64

10

documents.lnk

windows10-2004_x64

10

textins.dll

windows7_x64

1

textins.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    StolenImages_Evidence.zip

  • Size

    224KB

  • Sample

    220528-thttfachf8

  • MD5

    f00d39fd361eea5a1c049463c441d4d3

  • SHA1

    05efed085bd50df4384159c1c51d73e9ff6918d0

  • SHA256

    ebdd0354f227a3631513d26322e4c104af8622571ed1e735e48bf297834625e6

  • SHA512

    b3eb0fb0b2f84237f80520a8e4f8f19edfefdd092d66e3daccfa111ac0230d4348d9a7518ba50a95ccf883d6b3d679fd71a63c748d1cb3adaf0b803a02405997

Score
10/10
icedid3333102921bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3333102921

C2

reapetzold.com

Targets

    • Target

      documents.lnk

    • Size

      1KB

    • MD5

      d61780458f992bdf77fe625dd1565e6c

    • SHA1

      2dd14846649ebf8bd9ca7ae300087d021668bab9

    • SHA256

      e160ad95d3c45196a978965356fbaad470f2e04c6dfdc62db94bcb9cf08c3a81

    • SHA512

      7d376ee7d7d56295161af628e6b2922afa3886d05d99569f79910dce168309702f0a80e9498db465d685b2dd94fef91e0ba2c3a0d19d343d7f2e0c140e0b7c07

    Score
    10/10
    icedid3333102921bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      textins.dll

    • Size

      393KB

    • MD5

      77d0d73564f14e1cb23f57be1ab973b7

    • SHA1

      f6cff28fcda4239d35bdb11f3d0d1ead273a5d6e

    • SHA256

      015326f4d50aadc7642ed6043c8e451e208dfb0c57b1389a8a9994c74a30dd37

    • SHA512

      05996a83b22c82431dd1bcfba99e5da6a46c1f740780be33852af6f71d6216f22140583d8eee42a43cf5c2cebccba1428cd41e23d316cf5734b92416e0a6a60a

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks