icedid | d94a96230551df45ea50a618f4ef47ab5f2cceaa612da2acdbd05a34b3e32cae

General

Target

Invoice.lnk
Size

178KB
Sample

220706-zdkb4abba9
MD5

c29d6fc092698aafe01ece64da57254f
SHA1

523e8303f8d6853ef499b742ef5e9d7485803a88
SHA256

d94a96230551df45ea50a618f4ef47ab5f2cceaa612da2acdbd05a34b3e32cae
SHA512

fa37a95c3eb1256bea25cc19f84de5de77f24a38938e062a08fab2073a8cc9ca480fa58fc90103f0e298958605866b1ec192971099dcaca4966bd134ac243e50

Score

10^/10

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://comradespoon.com/5h.hta

Extracted

Family

icedid

Campaign

1487191074

C2

vneastruzz.com

Extracted

Language

hta

Source

URLs

hta.dropper

http://comradespoon.com/5h.hta

Targets

- Target
  
  Invoice.lnk
- Size
  
  178KB
- MD5
  
  c29d6fc092698aafe01ece64da57254f
- SHA1
  
  523e8303f8d6853ef499b742ef5e9d7485803a88
- SHA256
  
  d94a96230551df45ea50a618f4ef47ab5f2cceaa612da2acdbd05a34b3e32cae
- SHA512
  
  fa37a95c3eb1256bea25cc19f84de5de77f24a38938e062a08fab2073a8cc9ca480fa58fc90103f0e298958605866b1ec192971099dcaca4966bd134ac243e50
Score

10^/10

icedid 1487191074 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

IcedID, BokBot

suricata: ET MALWARE Win32/IcedID Request Cookie

Blocklisted process makes network request

Downloads MZ/PE file

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2