Overview

overview

10

Static

static

INV871623.txt.lnk

windows10_x64

10

INV871623.txt.lnk

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7658906136.zip

  • Size

    231KB

  • Sample

    220705-tv6zjaahak

  • MD5

    48b9f560de83e668ac75ac6ebc6080b1

  • SHA1

    83c087516ed88dfd99079c781e109f49e8c86ff4

  • SHA256

    c942a533bd1c751d840bcad0fcb2a0a8ef986ce1baf95bd10ca6937fcb18ed5e

  • SHA512

    0247fc3e640e4f275bc66e576f0c8d4f53f1a3a18640e0f99e9e73c20caf90fd0390c82bf4e00ad268e047352c65a1248d64da5644f71579e023acabd5bb5581

Score
10/10
icedid1825398430bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1825398430

C2

ciaontroni.com

Targets

    • Target

      INV871623.txt.lnk

    • Size

      1KB

    • MD5

      7c1073209e40cb0957e097eb86ae4d79

    • SHA1

      fd8b3b87f44bfef8f5a7af23adf496b5494eaf01

    • SHA256

      1202a0e6d4b0282bcade76291346b5b410f05e05c978c087147a4c2006d69b42

    • SHA512

      ac6b78c0657388119e3c7d70c3b708ffbdc643965dcd9d11240b96110559b5e24409bc34921fa700bdeb39c16d37b40b6c1b83420f302137a46c84ca66e61406

    Score
    10/10
    icedid1825398430bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks