Overview

overview

10

Static

static

documents.lnk

windows7_x64

10

documents.lnk

windows10-2004_x64

10

mar7nal.dll

windows7_x64

1

mar7nal.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice_Report-2022-06-21_95_doc.zip

  • Size

    480KB

  • Sample

    220621-1sk3lsdffq

  • MD5

    1c959254fcec4cbf7a748e0113deee00

  • SHA1

    7c124573c7f4f8652e268de5f891d1322c53b410

  • SHA256

    85270b779afaf43f2cae16891abb9c549bb0726a488ecceb268719dfe8d298af

  • SHA512

    ac9bb029de4bcdc913740af30f5bdf81dd1febfebd8e0053f632626803c6b2b7e9f8c46fc599e91a4eecbb73262b6def70b2ba9d75a9ccdcecf5736b78d9f8c0

Score
10/10
icedid3416991016bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3416991016

C2

bredofenction.com

Targets

    • Target

      documents.lnk

    • Size

      2KB

    • MD5

      c47da7e1fb88cc6dbfaba6c3d2fd2ad2

    • SHA1

      026b447f94dca2a3959311bb2459f874e780d6a3

    • SHA256

      db435a3dd2d860a1dcafad8712f0a233ad0ae9cb7f9277d20aed04b39e27a829

    • SHA512

      695abaaf67b305fdebfc68d892af5e9456334c3926f322d9de5e39ed3294e5498e9a764615f704fa96253862ddef4e415c230fc29fa0e073d9b8c16c6264aa28

    Score
    10/10
    icedid3416991016bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      mar7nal.dll

    • Size

      856KB

    • MD5

      50a6b5a94fdf6783143e1a880509c299

    • SHA1

      2abb20f08414b810609c660f3fb587a5cf5665c4

    • SHA256

      6c2024bed697009c3b98ad8741438cf511f239b44da41e080c8d2cd40cecb54e

    • SHA512

      cd9408451b264290edebca4bb9d3453ea353ed90902020cef107c621755c33716f992c28ed4889f32f0ded412febd10efe584a597a5932371cedc3093fcb623d

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks