icedid | d84858759a5c581373e2f2fe85fa155a3a6cfe55da68df33cfdc7be28c184fcc

General

Target

Document.iso
Size

220KB
Sample

220706-y1k2gagfgn
MD5

486fe7840ff2990f63e6387481597687
SHA1

31bb7ab39357aa7402bf54b615edd56bb1946553
SHA256

d84858759a5c581373e2f2fe85fa155a3a6cfe55da68df33cfdc7be28c184fcc
SHA512

21ae7194394db951e2f4eaef705991796a2e0ad95da736a53a93cc0be77b5ea243968ca49ca830a843d838e43c0f5d8ec88ba80e4168c55508fdd74f9b8344d2

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://comradespoon.com/2h.hta

Extracted

Family

icedid

Campaign

1487191074

C2

vneastruzz.com

Extracted

Language

hta

Source

URLs

hta.dropper

http://comradespoon.com/2h.hta

Targets

- Target
  
  Invoice.lnk
- Size
  
  168KB
- MD5
  
  edbd1edc29cbffb556ce1f114cce26b0
- SHA1
  
  272d13aacab4f01bef6291bdc6cadfa1056d7487
- SHA256
  
  6dedf3cf1241a2db9515459013693dc05dcb0538f99a99aa894a1cd822bac040
- SHA512
  
  001efa270ffd6cdb9223a34749f9f6c840efa2a4cfe226ed12cf2941c13b94da3e7ae3e60189f6f89a1bb2c5756b3657335a8fad916e4bbb04cd616d11b4a2d6
Score

10^/10

icedid 1487191074 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

IcedID, BokBot

suricata: ET MALWARE Win32/IcedID Request Cookie

Blocklisted process makes network request

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2