Overview

overview

10

Static

static

Invoice.lnk

windows7_x64

10

Invoice.lnk

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Document.iso

  • Size

    220KB

  • Sample

    220706-y1k2gagfgn

  • MD5

    486fe7840ff2990f63e6387481597687

  • SHA1

    31bb7ab39357aa7402bf54b615edd56bb1946553

  • SHA256

    d84858759a5c581373e2f2fe85fa155a3a6cfe55da68df33cfdc7be28c184fcc

  • SHA512

    21ae7194394db951e2f4eaef705991796a2e0ad95da736a53a93cc0be77b5ea243968ca49ca830a843d838e43c0f5d8ec88ba80e4168c55508fdd74f9b8344d2

Score
10/10
icedid1487191074bankerloadersuricatatrojan

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://comradespoon.com/2h.hta

Extracted

Family

icedid

Campaign

1487191074

C2

vneastruzz.com

Extracted

Language
hta
Source
URLs
hta.dropper

http://comradespoon.com/2h.hta

Targets

    • Target

      Invoice.lnk

    • Size

      168KB

    • MD5

      edbd1edc29cbffb556ce1f114cce26b0

    • SHA1

      272d13aacab4f01bef6291bdc6cadfa1056d7487

    • SHA256

      6dedf3cf1241a2db9515459013693dc05dcb0538f99a99aa894a1cd822bac040

    • SHA512

      001efa270ffd6cdb9223a34749f9f6c840efa2a4cfe226ed12cf2941c13b94da3e7ae3e60189f6f89a1bb2c5756b3657335a8fad916e4bbb04cd616d11b4a2d6

    Score
    10/10
    icedid1487191074bankerloadersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks