Overview

overview

10

Static

static

Invoice.lnk

windows7_x64

10

Invoice.lnk

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice.lnk

  • Size

    178KB

  • Sample

    220706-wl7wkshgg2

  • MD5

    c29d6fc092698aafe01ece64da57254f

  • SHA1

    523e8303f8d6853ef499b742ef5e9d7485803a88

  • SHA256

    d94a96230551df45ea50a618f4ef47ab5f2cceaa612da2acdbd05a34b3e32cae

  • SHA512

    fa37a95c3eb1256bea25cc19f84de5de77f24a38938e062a08fab2073a8cc9ca480fa58fc90103f0e298958605866b1ec192971099dcaca4966bd134ac243e50

Score
10/10
icedid1487191074bankerloadersuricatatrojan

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://comradespoon.com/5h.hta

Extracted

Family

icedid

Campaign

1487191074

C2

vneastruzz.com

Extracted

Language
hta
Source
URLs
hta.dropper

http://comradespoon.com/5h.hta

Targets

    • Target

      Invoice.lnk

    • Size

      178KB

    • MD5

      c29d6fc092698aafe01ece64da57254f

    • SHA1

      523e8303f8d6853ef499b742ef5e9d7485803a88

    • SHA256

      d94a96230551df45ea50a618f4ef47ab5f2cceaa612da2acdbd05a34b3e32cae

    • SHA512

      fa37a95c3eb1256bea25cc19f84de5de77f24a38938e062a08fab2073a8cc9ca480fa58fc90103f0e298958605866b1ec192971099dcaca4966bd134ac243e50

    Score
    10/10
    icedid1487191074bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks