Overview

overview

10

Static

static

documents.lnk

windows7_x64

10

documents.lnk

windows10-2004_x64

10

o5p0se.dll

windows7_x64

10

o5p0se.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zippedISO_ta578.zip

  • Size

    387KB

  • Sample

    220705-z7wxzsfaf3

  • MD5

    be3b4ceced523d89f0f1f141d33c0021

  • SHA1

    776dba1035e627401276fc4c76ff8151314fb3ac

  • SHA256

    85ce7016ae32e9fa8a51534f48d4a31b46a0c7f4d3eb862942b161c877c34ba4

  • SHA512

    7e1dcedb06764ed57a98da9e6e2c75fdc5b60a1e738ee4044a1895e59cba745d58e41bc45a616578a876d8921ac0dd980550870c89cc39853b54119aac7bb510

Score
10/10
icedid1060798742bankerloadersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1060798742

C2

carismorth.com

Targets

    • Target

      documents.lnk

    • Size

      2KB

    • MD5

      221b153dbdad3521bda7049b4496238f

    • SHA1

      5c912f7c3d1bbde2b5c6036e89944201907b8295

    • SHA256

      b5f4d1173a053476903d2a8e193fd710bd011065e30855e259494a13f7f9b2da

    • SHA512

      6296d4a54203680a79de1833b22d35c3e9d3808063777653d53c07d1d09201cc4ad56f150d3419c32faf926ada9567b3acf4e6572bee6901db54f19747fec377

    Score
    10/10
    icedid1060798742bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      o5p0se.dll

    • Size

      673KB

    • MD5

      c59010fb2f9f2986c3830bc1e75e96f9

    • SHA1

      475efec12172022b28e1020b9227f30f956b13a6

    • SHA256

      352b7787103e0e735632fb70a89de041c3c4da7eb2194e5a5eafcc48f6096be4

    • SHA512

      1deff83a4989ec4c1856c34ff686d8828cb7f82f7b0b5b28647bec4696b4ea6242edbc6348163a23316dfc4c2d23ac999fe8bacfd058fd6a0060ea6075eb49a4

    Score
    10/10
    icedid1060798742bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks