Overview

overview

10

Static

static

edde74a64c...3.html

windows10_x64

10

Resubmissions

06-07-2022 21:32

220706-1d4amsbfa8 10

06-07-2022 21:30

220706-1ck3nsbeh6 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7698676131.zip

  • Size

    27KB

  • Sample

    220706-1d4amsbfa8

  • MD5

    b5db06eb456eec1685804616a355ce1a

  • SHA1

    0104c3671c74714d8b6e8bf188355c37907c517c

  • SHA256

    56fea1fea906e0f79b7d1d403c45fe5210a0431bb09bd02c0ebe4963c8378bff

  • SHA512

    e02b3a0b90e555b451935e23f23070aa2a3a09fec4f2d60ea155491c0804c28b88e6bf58467e261fdc53e0284958cc14f0263505f3760538dc55071c7000fb7a

Score
10/10
icedid1487191074bankersuricatatrojan

Malware Config

Extracted

Family

icedid

Campaign

1487191074

Targets

    • Target

      edde74a64c844a5508f3fd19a6f4ce5f5ae9226b4a41b806aee4ea4640b5ebd3

    • Size

      107KB

    • MD5

      54f62d23772b2788189852b979dae2a6

    • SHA1

      7221fa92302e9e235b8fde46da3447656c0d00e1

    • SHA256

      edde74a64c844a5508f3fd19a6f4ce5f5ae9226b4a41b806aee4ea4640b5ebd3

    • SHA512

      9d49f94952c653943a3f6aebb0b0a6749332303197afb696b72adb7fff4f5be793d24d2f28b97c52803a2e669412444f0a8a39d3302e1189702b124c420b81c1

    Score
    10/10
    icedid1487191074bankersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks