Overview

overview

10

Static

static

mar7nal/documents.lnk

windows7_x64

10

mar7nal/documents.lnk

windows10-2004_x64

10

mar7nal/mar7nal.dll

windows7_x64

1

mar7nal/mar7nal.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    mar7nal.zip

  • Size

    479KB

  • Sample

    220621-t1xytaabe3

  • MD5

    c290338e42cad6eb1da8d4ddbe44501b

  • SHA1

    f088075f5403474508255341caa95cbb2b2bccdb

  • SHA256

    53ea4ad90879831faf97cf30b5156bfdd48ccdb00184177a8e4a19f6114b365d

  • SHA512

    d8b0a1e467844746ceaba0727d31ab62d38d6829972e69694612a7d90c4252677eeff8a556b59a617e56046d73a75b9df7425e4be438d770f248e40a4e3f61d2

Score
10/10
icedid3416991016bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3416991016

C2

bredofenction.com

Targets

    • Target

      mar7nal/documents.lnk

    • Size

      2KB

    • MD5

      c47da7e1fb88cc6dbfaba6c3d2fd2ad2

    • SHA1

      026b447f94dca2a3959311bb2459f874e780d6a3

    • SHA256

      db435a3dd2d860a1dcafad8712f0a233ad0ae9cb7f9277d20aed04b39e27a829

    • SHA512

      695abaaf67b305fdebfc68d892af5e9456334c3926f322d9de5e39ed3294e5498e9a764615f704fa96253862ddef4e415c230fc29fa0e073d9b8c16c6264aa28

    Score
    10/10
    icedid3416991016bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      mar7nal/mar7nal.dll

    • Size

      858KB

    • MD5

      0d4dfb3652a97d182d2ff17b4c76f94d

    • SHA1

      64c1e93b105583172b3b52b971adb07fcf532a2e

    • SHA256

      9ffca977f775e1c763ecb46f3886db85c530ca8b98ddc5739cf1da1157ef7843

    • SHA512

      1c2e4d2d1c6b035bafdb14d3bfbea5dafa5fe2b113e7b1493afe522ba0db9dc961a17d5b0f363be0652118aaa21d1f017b6789e47125bb83f08ddde9812e7f2a

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks