icedid | 37f8114f105920f74404016ca09f80ddc95d8900ba331f0e83bae419cdc6cb5f | Triage

Sharing

General

Target

mu7en.zip
Size

361KB
Sample

220620-r1a3yaeacm
MD5

698e47d9528e851b58d06e3eb9852a3f
SHA1

8b28b00acf553a9ea09a265e5b58b7ce974ef364
SHA256

37f8114f105920f74404016ca09f80ddc95d8900ba331f0e83bae419cdc6cb5f
SHA512

b7926c3c71b36fa4581081dc4bb1b1ba3dec4b2e66afc7f32c9d9e0c965bbe74544dfd6c13b66ab69f865372860fbe8aacd8daf24dd18ea23a4ce868dc3fc3ca

Score

10^/10

icedid 3400213397 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3400213397

C2

coolnexoz.com

Targets

- Target
  
  mu7en/documents.lnk
- Size
  
  2KB
- MD5
  
  cca15291edc87392d7c8c213ea97942e
- SHA1
  
  3b72a30211f24e4b119c812c23a6651600206551
- SHA256
  
  3cca8d1b4cfe0ebcf105621700454d0285ef1b44dfed3e3abf70060bb62aa5b4
- SHA512
  
  558eb218ab50e5b1b3bbf19798e60f4a9d9f98fe86219dd130a0620674c3a86ca10e39162e068162b55f372e16e788f37c4333c46ceee8ee66088658b78090aa
Score

10^/10

icedid 3400213397 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  mu7en/mu7en.dll
- Size
  
  646KB
- MD5
  
  e1dd8a5fed49d0084f445280ba3b217a
- SHA1
  
  5eeead8ea5d6fe2ce58b762a7d1cce944455b45e
- SHA256
  
  2630bdfe1b7ee3c9a6e46fd004c238b2d4b22de0696ea502074d7e33900b6c8f
- SHA512
  
  fb9ce33f0408cd6123cf76648523871ebf9dd630bcce02b8cf7c19f4437013b21b4a95d62963cec61b446bf165a7035aa7bee011bac00420c11bcf48a452c282
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3400213397bankerloadersuricatatrojan

behavioral2

icedid3400213397bankerloadersuricatatrojan

behavioral3

behavioral4