General

  • Target

    notification_3672325.iso

  • Size

    52KB

  • Sample

    220711-tdgy3safbl

  • MD5

    5799938fddb486a8149c83e61368ee3e

  • SHA1

    137d14f74c137c21bd7547c91a27afb0d7b42073

  • SHA256

    5f878ecde76c4c587d911a4f2bbb6709cb6743f0137e5a22f36de9f2e533c703

  • SHA512

    808f5d3f3e8e023018a20d0a17342b1c301d4d8ea790e36c1ab98ce75f9234f8cfc3f0037d06daa777bf78ea7f20a9bcfa60a7f259c401e89f3ef91c1896ab27

Malware Config

Extracted

Family

icedid

Campaign

177045904

C2

blionarywesta.com

Targets

    • Target

      DATA/TEST1.PS1

    • Size

      255B

    • MD5

      a8e41776e85fa2bb46d61569f05125b1

    • SHA1

      5bbbfb59f45046e8b28e0d8cbcda48362632f4cc

    • SHA256

      17765318d48aabc6b7e1811fce443ee283ce58c4c63db4156bfc5f9c36fc5ed2

    • SHA512

      75032782a96cd441770d14be97e1a2063c7bdf8fd078d5931213b3f9d3364c56496d12165941465f351bdb66ab47e6916ec96966f19ed6184f2eda3205b799e8

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Target

      NOTIFI~1.LNK

    • Size

      1KB

    • MD5

      00f5104d4918972ad7c605428137f680

    • SHA1

      a0a334485a670b459c5d752199dc186e46a36196

    • SHA256

      0f67ae6cfb884d170af88a69de9083231f713f468fee762002148f010fdf7f72

    • SHA512

      ee20634ffc8b9256c0afba74bc975bba99a93fd0404fa578301e1bc838304aebf94afacc9f64b2dea587cdbb7aa043b995f8de8263f28d9fec7b96a15df4dccf

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL
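
The two network indicators this report lists, the extracted C2 domain and the "ET MALWARE Win32/IcedID Request Cookie" Suricata hit, re-implemented as a small matcher over raw HTTP requests. This is an added example, not code from the sandbox or from the ET ruleset. The C2 domain comes from the Malware Config section above; the cookie names checked for are the commonly reported IcedID check-in cookie set and are an assumption, since the page does not show the rule body. The two sample requests are constructed, not captured traffic.

```python
"""Match raw HTTP requests against the network IOCs from this report.

Added example; not code from the sandbox or the ET ruleset.
"""

# From the report's "Malware Config" section.
C2_DOMAIN = "blionarywesta.com"

# ASSUMPTION: the cookie names IcedID's check-in request is commonly reported
# to carry. The page only names the Suricata signature, not its content.
ICEDID_COOKIE_KEYS = {"__gads", "_gat", "_ga", "_u", "__io", "_gid"}


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.x request into its request line and lower-cased headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return {"request_line": lines[0], "headers": headers}


def cookie_names(cookie_header: str) -> set:
    """Return the set of cookie names present in a Cookie header value."""
    names = set()
    for part in cookie_header.split(";"):
        part = part.strip()
        if "=" in part:
            names.add(part.split("=", 1)[0].strip())
    return names


def classify_request(raw: str) -> list:
    """Return the indicator names the request matches (empty list if none).

    "c2-domain": Host header equals the extracted C2.
    "icedid-cookie": Cookie header carries the full assumed check-in cookie set,
    mirroring what the Suricata signature on the page alerts on.
    """
    req = parse_request(raw)
    hits = []
    host = req["headers"].get("host", "").split(":")[0].lower()
    if host == C2_DOMAIN:
        hits.append("c2-domain")
    cookie = req["headers"].get("cookie")
    if cookie is not None and ICEDID_COOKIE_KEYS <= cookie_names(cookie):
        hits.append("icedid-cookie")
    return hits


# Constructed sample requests (not captured traffic).
SAMPLE_BEACON = (
    "GET / HTTP/1.1\r\n"
    f"Host: {C2_DOMAIN}\r\n"
    "Cookie: __gads=3000000000:1:2:3; _gat=10.0.19041.64; _ga=1.2.3.4; "
    "_u=4445566; __io=21_1_2; _gid=ABCD\r\n"
    "\r\n"
)
SAMPLE_BENIGN = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Cookie: _ga=GA1.2.123; _gid=GA1.2.456\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("beacon", SAMPLE_BEACON), ("benign", SAMPLE_BENIGN)):
        print(label, classify_request(raw))
```

The benign request deliberately carries the Google Analytics cookies `_ga` and `_gid`, which on their own are common in legitimate traffic; requiring the full set is what keeps the match specific, which is also why the Suricata signature fires on the whole combination rather than any single cookie.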

MITRE ATT&CK Enterprise v6

Tasks