icedid | 85270b779afaf43f2cae16891abb9c549bb0726a488ecceb268719dfe8d298af | Triage

Sharing

General

Target

Invoice_Report-2022-06-21_95_doc.zip
Size

480KB
Sample

220621-1sk3lsdffq
MD5

1c959254fcec4cbf7a748e0113deee00
SHA1

7c124573c7f4f8652e268de5f891d1322c53b410
SHA256

85270b779afaf43f2cae16891abb9c549bb0726a488ecceb268719dfe8d298af
SHA512

ac9bb029de4bcdc913740af30f5bdf81dd1febfebd8e0053f632626803c6b2b7e9f8c46fc599e91a4eecbb73262b6def70b2ba9d75a9ccdcecf5736b78d9f8c0

Score

10^/10

icedid 3416991016 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3416991016

C2

bredofenction.com

Targets

- Target
  
  documents.lnk
- Size
  
  2KB
- MD5
  
  c47da7e1fb88cc6dbfaba6c3d2fd2ad2
- SHA1
  
  026b447f94dca2a3959311bb2459f874e780d6a3
- SHA256
  
  db435a3dd2d860a1dcafad8712f0a233ad0ae9cb7f9277d20aed04b39e27a829
- SHA512
  
  695abaaf67b305fdebfc68d892af5e9456334c3926f322d9de5e39ed3294e5498e9a764615f704fa96253862ddef4e415c230fc29fa0e073d9b8c16c6264aa28
Score

10^/10

icedid 3416991016 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  mar7nal.dll
- Size
  
  856KB
- MD5
  
  50a6b5a94fdf6783143e1a880509c299
- SHA1
  
  2abb20f08414b810609c660f3fb587a5cf5665c4
- SHA256
  
  6c2024bed697009c3b98ad8741438cf511f239b44da41e080c8d2cd40cecb54e
- SHA512
  
  cd9408451b264290edebca4bb9d3453ea353ed90902020cef107c621755c33716f992c28ed4889f32f0ded412febd10efe584a597a5932371cedc3093fcb623d
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3416991016bankerloadersuricatatrojan

behavioral2

icedid3416991016bankerloadersuricatatrojan

behavioral3

behavioral4