Overview

overview

10

Static

static

sol3/documents.lnk

windows7_x64

10

sol3/documents.lnk

windows10-2004_x64

10

sol3/sol3nia.dll

windows7_x64

3

sol3/sol3nia.dll

windows10-2004_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sol3.zip

  • Size

    203KB

  • Sample

    220626-mf9njscef8

  • MD5

    995d85593b6fb6aec1b7c4c0829102cb

  • SHA1

    e2baea6a73fe0c36ebbc3b329bc7e1a94c436a0f

  • SHA256

    6f9dea51a6f29a057bb019b26ac9dafc625c33940e673c79eced1c36c53d1ab0

  • SHA512

    44adab7231a7c2e4459574203d82f8a597bfe7b89601ff4b6d386362666db855d28c2accf60173b4a89f22f0ca16bc1d3851328a5a66ef4415a5444487f37077

Score
10/10
icedid3585208491bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3585208491

C2

bredofenction.com

Targets

    • Target

      sol3/documents.lnk

    • Size

      2KB

    • MD5

      a70b3ec4c53ae4755365ac54d9ee05ec

    • SHA1

      2d991fc5b373182b537300b93329eaee13d2294e

    • SHA256

      2fe44042cfc6602b43204e38bcbc2773d1e4f87be6aa16073625bc1b33af6877

    • SHA512

      57de536a0b7c3ab74aa7480195341a3214162790869cfaede1917558fffb48023206eb68fb0a29d46c2eb720357f70bfe43a4d6a379f19a16f1ab34e28178050

    Score
    10/10
    icedid3585208491bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      sol3/sol3nia.dll

    • Size

      355KB

    • MD5

      1789e8bad7a537dfdb0259ee510a2cea

    • SHA1

      b4cfc4faed732eff5340d172063ae9991c38b054

    • SHA256

      b26ef5630a4b19bbe5e520c5d41000c2b29855a7c8d5c15af9ddf99661e0231c

    • SHA512

      a47d46bbb4df66a0615cdbe660815ca34976d0eea1b024c7a6ca040827bdbc33c7cae5f5a78805c09e3a69a95026c03b2aa11f859e1feecd39a5b5c36e578e3b

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks