General

  • Target

    s4pesa.zip

  • Size

    412KB

  • Sample

    220629-sm5aasaedk

  • MD5

    f9590e5b42490a33415244b20f239f88

  • SHA1

    cdbf4da9663b91cdb9b7d8cc4dc85b1c8fdc1b7b

  • SHA256

    1cb625ae9478f646f53fd2d807d14073803b9ca75d46656d4937d94f4b4d36a9

  • SHA512

    790d5b05e66e6e59adce9286e5a2a6c96c893f0a18b018e691643ea5cf7cd77e35232c476f54278c07689e191d9c100a660427ce0ac38fe861e88d9256d8b20c

Malware Config

Extracted

Family

icedid

Campaign

3652318967

C2

yankyhoni.com

Targets

    • Target

      s4pesa/documents.lnk

    • Size

      2KB

    • MD5

      77e1106d0ee3c074c5aa94663e62ca8c

    • SHA1

      5149a36f2934cbe44a7066e96756d4ecb7a65cbd

    • SHA256

      4633c5e89c5c9e60c3609dfb7f5ca1f0794c2b84c3468cdc2129d942d4e09cf3

    • SHA512

      8644ef5ca3082bf4f062e53bdba5231f5b010c90fae919bb76f16dc46dae10a76e3ef94dca6d6ae709b4aaeb39b80eedbdc41298fc8d561e0561a51cde9575e6

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      s4pesa/s4pesa.dll

    • Size

      731KB

    • MD5

      4259380320bcfe7d3065f0e82257e36c

    • SHA1

      39e0b78813cb2b7f337338375469efad9ba2a79e

    • SHA256

      8522e424d1742369c5e2700d194ad5d53d91b4864c3fddd74ac630b4249c1a87

    • SHA512

      9137960f54302c4dfdd6bab68b977ca4649461c209d583a0c2e284d8b056cfc316d447570a3c8c1d6422a8d93c0bea217210e4f81cc3fb518148b70f750b3195

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks