Overview

overview

10

Static

static

daa40acf17...cf.iso

windows7_x64

3

daa40acf17...cf.iso

windows10_x64

3

daa40acf17...cf.iso

windows10-2004_x64

3

daa40acf17...cf.iso

windows11_x64

7683275328...79.dll

windows7_x64

10

7683275328...79.dll

windows10_x64

10

7683275328...79.dll

windows10-2004_x64

10

7683275328...79.dll

windows11_x64

INV871623.txt.lnk

windows7_x64

3

INV871623.txt.lnk

windows10_x64

10

INV871623.txt.lnk

windows10-2004_x64

10

INV871623.txt.lnk

windows11_x64

THjkgeCbhjm.ps1

windows7_x64

10

THjkgeCbhjm.ps1

windows10_x64

10

THjkgeCbhjm.ps1

windows10-2004_x64

10

THjkgeCbhjm.ps1

windows11_x64

notice.txt

windows7_x64

1

notice.txt

windows10_x64

1

notice.txt

windows10-2004_x64

1

notice.txt

windows11_x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7658906136.zip

  • Size

    231KB

  • Sample

    220705-tmsryacfe4

  • MD5

    48b9f560de83e668ac75ac6ebc6080b1

  • SHA1

    83c087516ed88dfd99079c781e109f49e8c86ff4

  • SHA256

    c942a533bd1c751d840bcad0fcb2a0a8ef986ce1baf95bd10ca6937fcb18ed5e

  • SHA512

    0247fc3e640e4f275bc66e576f0c8d4f53f1a3a18640e0f99e9e73c20caf90fd0390c82bf4e00ad268e047352c65a1248d64da5644f71579e023acabd5bb5581

Score
10/10
icedid1825398430bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1825398430

C2

ciaontroni.com

Targets

    • Target

      daa40acf17585b2246dc1e9e6610964368f6fb854fdc16a1972c7908c23ab5cf

    • Size

      496KB

    • MD5

      7890c93fc13ca9e643c738a11054ec86

    • SHA1

      0e0f581e3b2b69d4cc139c84e2367ae5af53b5ae

    • SHA256

      daa40acf17585b2246dc1e9e6610964368f6fb854fdc16a1972c7908c23ab5cf

    • SHA512

      7eb809eee53b1dc473b3b1ac21d1c08a6d9e86515d2cc43d970b70d9ba44aa8eb29e9e95e5a0521d5c28334ff5730c80a3f2bbfd4839c3de59ad5be9c2bd09d6

    Score
    3/10
    behavioral1behavioral2behavioral3behavioral4

    • Target

      768327532892733679.dll

    • Size

      424KB

    • MD5

      92b73d78e901480734e937cc5a6c0c9d

    • SHA1

      bc4c1a27ae6655bab4749a5fb4d5e6908ae1b563

    • SHA256

      219d1bd045d7c3328184aba4842cc0d36acae7e835564d84ee2d8ffea94e4317

    • SHA512

      85b9999a86f302b6ecf4519c1873eb20095a3700dd1d50f202cb3eae790cbeb21a36c770ae32768c9fa256168164b6b2e704a316cbcd199e31262aa2093c2bc6

    Score
    10/10
    icedid1825398430bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    behavioral5behavioral6behavioral7behavioral8

    • Target

      INV871623.txt.lnk

    • Size

      1KB

    • MD5

      7c1073209e40cb0957e097eb86ae4d79

    • SHA1

      fd8b3b87f44bfef8f5a7af23adf496b5494eaf01

    • SHA256

      1202a0e6d4b0282bcade76291346b5b410f05e05c978c087147a4c2006d69b42

    • SHA512

      ac6b78c0657388119e3c7d70c3b708ffbdc643965dcd9d11240b96110559b5e24409bc34921fa700bdeb39c16d37b40b6c1b83420f302137a46c84ca66e61406

    Score
    10/10
    icedid1825398430bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral9behavioral10behavioral11behavioral12

    • Target

      THjkgeCbhjm.ps1

    • Size

      69B

    • MD5

      c7f314e4db039ed46f95c7747d3ecec9

    • SHA1

      3d448506d12a2274424bb24ef9519472fdd5285c

    • SHA256

      caf8215e7e34ce4d16a2e1ee7ad3089bc815d243f84e8e8dffc190983cebc441

    • SHA512

      ce20bea4d6692996b29a9c22e5deb04fe5aa186a5235ee213dd19bdb962bff8cf618feec912b06c66b76c3830f8a36179e371680c28d89e5a865518e28161fdf

    Score
    10/10
    icedid1825398430bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    behavioral13behavioral14behavioral15behavioral16

    • Target

      notice.txt

    • Size

      366B

    • MD5

      8054a00a327955bb34ef9d930dc19a20

    • SHA1

      7445f99b93469efb9bd5746cf5c4520f25894150

    • SHA256

      d82a953766e7951c5c49923cdd361377e17d3bb6b321416766344ceb3a6ac165

    • SHA512

      8f0359ab757551af5e8feb7857d3434fdffab0f7f9c26cefcf0fac0dc6d5e31b163aefc75252b340fe7eaeafea6677e894ef5958177680a617bde232a00a58e9

    Score
    1/10
    behavioral17behavioral18behavioral19behavioral20

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
N/A

behavioral1

Score
3/10

behavioral2

Score
3/10

behavioral3

Score
3/10

behavioral4

Score
1/10

behavioral5

icedid1825398430bankerloadersuricatatrojan
Score
10/10

behavioral6

icedid1825398430bankerloadersuricatatrojan
Score
10/10

behavioral7

icedid1825398430bankerloadersuricatatrojan
Score
10/10

behavioral8

Score
1/10

behavioral9

Score
3/10

behavioral10

icedid1825398430bankerloadersuricatatrojan
Score
10/10

behavioral11

icedid1825398430bankerloadersuricatatrojan
Score
10/10

behavioral12

Score
1/10

behavioral13

icedid1825398430bankerloadersuricatatrojan
Score
10/10

behavioral14

icedid1825398430bankerloadersuricatatrojan
Score
10/10

behavioral15

icedid1825398430bankerloadersuricatatrojan
Score
10/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10