Overview

overview

10

Static

static

ahol3m.dll

windows7_x64

1

ahol3m.dll

windows10-2004_x64

1

documents.lnk

windows7_x64

10

documents.lnk

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TA578-IcedID.zip

  • Size

    347KB

  • Sample

    220614-arh9hsbddl

  • MD5

    31a51cf11039ba7cf1d42eed6ee62b65

  • SHA1

    3b2fbffeb3494f47af5a1d66d920bbb59b04c6fc

  • SHA256

    ce28d57c54d4b5965106d956d3d3c0211c1dd591c881f34f3582775b07dce387

  • SHA512

    94c70984f6d2767930f9d4ac3e5bddfad02d918c1a2054ba891ca3a942857434e1b1856c32e2c42a18900b2e246c2a98e63ac6e247085bbe002f96694d21217f

Score
10/10
icedid1328647508bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1328647508

C2

didojanza.com

Targets

    • Target

      ahol3m.dll

    • Size

      600KB

    • MD5

      bd9713be8ab4a1faf11241bb18faa20e

    • SHA1

      89cdc2142dd16e6026018483c686d028ea219deb

    • SHA256

      ce90e85553cb19c787de4421a8bb0bc89c2f3c942cbc41bba92b6bf822d815bf

    • SHA512

      7963f54c66435bc064953f81c59fa0bd3bc43fa22752df7cd5ef96404c41fa62672f2ea409273431930c840f35549ef557ffc33bed1fa354f7de158ee471ca3a

    Score
    1/10
    behavioral1behavioral2

    • Target

      documents.lnk

    • Size

      2KB

    • MD5

      248322abe291aa979c34ee5f9bd76e70

    • SHA1

      fdfa1670324e951e44736b75b4c12d7aac1a4338

    • SHA256

      518a3f0b6e5709fcf44b04208167a51f77e4c82283f71b800a6faf297431f36c

    • SHA512

      a37819e37d2b93c2043c21339a81ddd7dcc43f933cad369313efe45fee9e51f51e30556455d1e720071f60596d298c594b789e4a1b4fdc104cc903df2c684805

    Score
    10/10
    icedid1328647508bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks