General

  • Target

    password.txt.lnk

  • Size

    1KB

  • Sample

    220623-tjhskagff2

  • MD5

    ee5dc8a66298685a6f6790e32e1a006b

  • SHA1

    8bd4a8e15b8c097283b67dd8201ed41e01cbe794

  • SHA256

    65e7327a6f3efb230a4d61966182f1d1c592aa222f4f820afaca6617680d09bd

  • SHA512

    8c0164d4576959d7d474cd39545db1564e459f0ab55e51df601d132d6667b41e8751d236a3850934b0575ae9c1e09e230019609669276d36849da40400f0613c

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    https://wang-data-science.com/wp-content/themes/scapeshot/etest.hta

Extracted

  • Family

    icedid

  • Campaign

    3289900935

  • C2

    ilzenhwery.com

Targets

    • Target

      password.txt.lnk

    • Size

      1KB

    • MD5

      ee5dc8a66298685a6f6790e32e1a006b

    • SHA1

      8bd4a8e15b8c097283b67dd8201ed41e01cbe794

    • SHA256

      65e7327a6f3efb230a4d61966182f1d1c592aa222f4f820afaca6617680d09bd

    • SHA512

      8c0164d4576959d7d474cd39545db1564e459f0ab55e51df601d132d6667b41e8751d236a3850934b0575ae9c1e09e230019609669276d36849da40400f0613c

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • UAC bypass

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

  • Privilege Escalation

    T1088 Bypass User Account Control (1)

  • Defense Evasion

    T1088 Bypass User Account Control (1)

    T1089 Disabling Security Tools (1)

    T1112 Modify Registry (2)

  • Discovery

    T1012 Query Registry (1)

    T1082 System Information Discovery (2)

Tasks