Overview

overview

10

Static

static

mu7en/documents.lnk

windows7_x64

10

mu7en/documents.lnk

windows10-2004_x64

10

mu7en/mu7en.dll

windows7_x64

1

mu7en/mu7en.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mu7en.zip

  • Size

    361KB

  • Sample

    220620-r1a3yaeacm

  • MD5

    698e47d9528e851b58d06e3eb9852a3f

  • SHA1

    8b28b00acf553a9ea09a265e5b58b7ce974ef364

  • SHA256

    37f8114f105920f74404016ca09f80ddc95d8900ba331f0e83bae419cdc6cb5f

  • SHA512

    b7926c3c71b36fa4581081dc4bb1b1ba3dec4b2e66afc7f32c9d9e0c965bbe74544dfd6c13b66ab69f865372860fbe8aacd8daf24dd18ea23a4ce868dc3fc3ca

Score
10/10
icedid3400213397bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3400213397

C2

coolnexoz.com

Targets

    • Target

      mu7en/documents.lnk

    • Size

      2KB

    • MD5

      cca15291edc87392d7c8c213ea97942e

    • SHA1

      3b72a30211f24e4b119c812c23a6651600206551

    • SHA256

      3cca8d1b4cfe0ebcf105621700454d0285ef1b44dfed3e3abf70060bb62aa5b4

    • SHA512

      558eb218ab50e5b1b3bbf19798e60f4a9d9f98fe86219dd130a0620674c3a86ca10e39162e068162b55f372e16e788f37c4333c46ceee8ee66088658b78090aa

    Score
    10/10
    icedid3400213397bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      mu7en/mu7en.dll

    • Size

      646KB

    • MD5

      e1dd8a5fed49d0084f445280ba3b217a

    • SHA1

      5eeead8ea5d6fe2ce58b762a7d1cce944455b45e

    • SHA256

      2630bdfe1b7ee3c9a6e46fd004c238b2d4b22de0696ea502074d7e33900b6c8f

    • SHA512

      fb9ce33f0408cd6123cf76648523871ebf9dd630bcce02b8cf7c19f4437013b21b4a95d62963cec61b446bf165a7035aa7bee011bac00420c11bcf48a452c282

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks