Overview

overview

10

Static

static

loader.bat

windows7_x64

10

loader.bat

windows10-2004_x64

10

r7kom.dll

windows7_x64

10

r7kom.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    June-06028_151-Report.zip

  • Size

    254KB

  • Sample

    220628-vdrc7aahgm

  • MD5

    d48703f574f4626179c98fe712d2222a

  • SHA1

    43b743657a2865de10af720987a6c0ee8c3706ed

  • SHA256

    6751d66b22cf8065ffeb791490f89588abfbdb54d1cb005ba33000d9b8158d0c

  • SHA512

    1fdc57270b9a7b103d9b0803cf87a197afe85f573b77f879890d6bc0e886fe04539131369b45552d51829ce1943147d2cc06bc916a74c3467f08884e08c83bd6

Score
10/10
icedid3568430872bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

3568430872

C2

alionavon.com

Targets

    • Target

      loader.bat

    • Size

      44B

    • MD5

      c3b9d4db526699b5712cd68f381f7fc1

    • SHA1

      186c032f01b361e6d0faa509e21b2bd8576e4bcb

    • SHA256

      e8ad79db4480f652904f07566371acda37ba68e0f41c3a725d61b6dd57648f22

    • SHA512

      070e6c818d943d360f098d82fb6e5c342713a62700a4fd11147ca4f2fa65b5dfde0cae72e87e3f1a8ba9c2c84ae57d0075624f51a42435af88c4a18115baee2b

    Score
    10/10
    icedid3568430872bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    behavioral1behavioral2

    • Target

      r7kom.dll

    • Size

      451KB

    • MD5

      00c6652355b332b46339da2354482046

    • SHA1

      a2521c32758afad2260f42944570ad06cdcaf9ff

    • SHA256

      07050dd79a5274bbc864510beaf1a17b3fc71b08d4fcab12b0644497a514de91

    • SHA512

      92299af72675d791d534195bd188b9880b6fce324b87f5399f8fcd90c316511a835943169fa0a0b9d0a9bac7b31fad0a184d90a94a6597b2c955bfddc69834c6

    Score
    10/10
    icedid3568430872bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    behavioral3behavioral4

MITRE ATT&CK Matrix

Tasks