Overview

overview

10

Static

static

ahol3m/ahol3m.dll

windows7_x64

1

ahol3m/ahol3m.dll

windows10-2004_x64

1

ahol3m/documents.lnk

windows7_x64

10

ahol3m/documents.lnk

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ahol3m.zip

  • Size

    337KB

  • Sample

    220613-vxlbaahfaq

  • MD5

    bf677988f4812469cb410c481e266a58

  • SHA1

    25a5db24334de381d1041b90732c4ad7e5bcb848

  • SHA256

    5280ca3c56953d1abbfe59ad6afeb59a3f95526a31aff5b5e4e2a006291261ac

  • SHA512

    9d98830f583d7b62556ce7bdded74a258667f02879d70a93306477c5dc200da8817c2c74250ab695d09118ab22c3a9a1f94de7275d53cd3a07ae34098d8985b4

Score
10/10
icedid1328647508bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1328647508

C2

didojanza.com

Targets

    • Target

      ahol3m/ahol3m.dll

    • Size

      600KB

    • MD5

      dea6dbfbfe8dc212d0243a0572fea20e

    • SHA1

      cfeaacc43cbafd7ff1aaa97e557cf4bdce67eba0

    • SHA256

      433172d2bd5264e40b018ea6627bd3d8b3d37115ca4012899eacd7a066c282a2

    • SHA512

      3d0fdbb8b3b999a5a19a2414be8f3a949f395fb29593722b5e8b66141b16347ffa15e4ba4ca6e54536470841d789846cdea63dcfe25e6b5230286ab80645e706

    Score
    1/10
    behavioral1behavioral2

    • Target

      ahol3m/documents.lnk

    • Size

      2KB

    • MD5

      248322abe291aa979c34ee5f9bd76e70

    • SHA1

      fdfa1670324e951e44736b75b4c12d7aac1a4338

    • SHA256

      518a3f0b6e5709fcf44b04208167a51f77e4c82283f71b800a6faf297431f36c

    • SHA512

      a37819e37d2b93c2043c21339a81ddd7dcc43f933cad369313efe45fee9e51f51e30556455d1e720071f60596d298c594b789e4a1b4fdc104cc903df2c684805

    Score
    10/10
    icedid1328647508bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks