Resubmissions

    Date               Sample             Score
    11/07/2022, 23:07  220711-236yhagcg2  10
    11/07/2022, 23:02  220711-21lvjsgce2  3
    11/07/2022, 17:21  220711-vwzghsbbdr  10

General

  • Target

    notification_7445063.iso

  • Size

    52KB

  • Sample

    220711-vwzghsbbdr

  • MD5

    b567aa8e6dec6432c40b9c1f2d312091

  • SHA1

    117fcab286bbcc2061a5f9951975efb5556f92f7

  • SHA256

    c692971a6d01abb4d1c51b25e18b03818c68b891764fbe1eb8113f8a473d1002

  • SHA512

    0244eaf15f30d5c5d82e66a23987ffa325444a77039c613f5a3ab34fc630ac4058364f0e719211de9476de7caca0ee149aae57e85049e5173e209988a5db68aa

Malware Config

Extracted

Family

icedid

Campaign

177045904

C2

blionarywesta.com

Targets

    • Target

      DATA/TEST1.PS1

    • Size

      254B

    • MD5

      1b5488df8337c5ca90ecd5eca89d8cb1

    • SHA1

      95b3633602915d5dd574ee2bdc586341dcca192c

    • SHA256

      f7ff8630fe5289c50dc83d9b5f528ec980163157447e3449e5a538f1068bd156

    • SHA512

      78c1ec7b03dabb76c039e1fcaf496597ce812dabcab2a7a9c4799e27676f63098d88ca1d8eb7a4ce660dbd8b70fda70319a08e9ba74502bb1ef6616d6f1236f3

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Target

      NOTIFI~1.LNK

    • Size

      1KB

    • MD5

      00f5104d4918972ad7c605428137f680

    • SHA1

      a0a334485a670b459c5d752199dc186e46a36196

    • SHA256

      0f67ae6cfb884d170af88a69de9083231f713f468fee762002148f010fdf7f72

    • SHA512

      ee20634ffc8b9256c0afba74bc975bba99a93fd0404fa578301e1bc838304aebf94afacc9f64b2dea587cdbb7aa043b995f8de8263f28d9fec7b96a15df4dccf

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence so the payload only runs in targeted regions.

    • Loads dropped DLL
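The hashes, C2 domain and campaign ID above are the indicators a responder would carry into log review. The script below is an added example, not part of this report or of any sandbox tooling: it loads those indicators verbatim, computes the same four digests the report lists for any file content, and applies the indicators to a handful of constructed DNS, file and HTTP event records. The record layout, the event IDs and the sample records are assumptions made for the example; only the hash values, the domain and the campaign ID come from the report.

```python
"""Apply the IcedID indicators from the sandbox report to event records.

Added example: indicator values are copied from the report; everything
else (record format, sample events) is constructed for illustration.
"""
import hashlib

# Hashes from the report (lower-case hex), mapped to the file they describe.
REPORT_HASHES = {
    # notification_7445063.iso
    "b567aa8e6dec6432c40b9c1f2d312091": "notification_7445063.iso",
    "117fcab286bbcc2061a5f9951975efb5556f92f7": "notification_7445063.iso",
    "c692971a6d01abb4d1c51b25e18b03818c68b891764fbe1eb8113f8a473d1002": "notification_7445063.iso",
    # DATA/TEST1.PS1
    "1b5488df8337c5ca90ecd5eca89d8cb1": "DATA/TEST1.PS1",
    "95b3633602915d5dd574ee2bdc586341dcca192c": "DATA/TEST1.PS1",
    "f7ff8630fe5289c50dc83d9b5f528ec980163157447e3449e5a538f1068bd156": "DATA/TEST1.PS1",
    # NOTIFI~1.LNK
    "00f5104d4918972ad7c605428137f680": "NOTIFI~1.LNK",
    "a0a334485a670b459c5d752199dc186e46a36196": "NOTIFI~1.LNK",
    "0f67ae6cfb884d170af88a69de9083231f713f468fee762002148f010fdf7f72": "NOTIFI~1.LNK",
}
REPORT_C2 = {"blionarywesta.com"}   # extracted C2 from the report
REPORT_CAMPAIGN = "177045904"        # extracted campaign ID from the report


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def file_hits(data: bytes) -> list:
    """Report file names whose hash matches `data`; [] when nothing matches."""
    return sorted({REPORT_HASHES[h] for h in hash_bytes(data).values()
                   if h in REPORT_HASHES})


def domain_matches(host: str) -> bool:
    """Exact or subdomain match against the C2 list, case-insensitive.

    A trailing dot (as seen in DNS logs) is stripped; a name that merely
    ends with the C2 string, such as notblionarywesta.com, does not match.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in REPORT_C2)


def scan_records(records) -> list:
    """Apply the indicators to event dicts; return (id, reason, value) hits."""
    hits = []
    for rec in records:
        kind = rec.get("type")
        if kind == "dns" and domain_matches(rec["query"]):
            hits.append((rec["id"], "c2 domain", rec["query"]))
        elif kind == "file":
            h = rec["hash"].lower()           # logs often emit upper-case hex
            if h in REPORT_HASHES:
                hits.append((rec["id"], "known file", REPORT_HASHES[h]))
        elif kind == "http" and domain_matches(rec["host"]):
            hits.append((rec["id"], "c2 domain", rec["host"]))
    return hits


# Constructed sample records (assumed format; not taken from the report).
SAMPLE_RECORDS = [
    {"id": 1, "type": "dns", "query": "www.example.com"},
    {"id": 2, "type": "dns", "query": "BLIONARYWESTA.COM."},
    {"id": 3, "type": "file",
     "hash": "0F67AE6CFB884D170AF88A69DE9083231F713F468FEE762002148F010FDF7F72"},
    {"id": 4, "type": "file", "hash": hashlib.sha256(b"benign").hexdigest()},
    {"id": 5, "type": "dns", "query": "notblionarywesta.com"},
    {"id": 6, "type": "http", "host": "cdn.blionarywesta.com"},
]

if __name__ == "__main__":
    for hit in scan_records(SAMPLE_RECORDS):
        print(hit)
```

Running it flags records 2, 3 and 6 only: the C2 lookup despite its case and trailing dot, the LNK by its SHA256 despite upper-case hex, and the HTTP request to a subdomain of the C2; the look-alike name in record 5 is deliberately not matched. To check whether a file on disk is this sample, pass its bytes to `file_hits`.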

MITRE ATT&CK Enterprise v6

Tasks