General

  • Target

    for_you_presentation-130722.32601.iso

  • Size

    3.0MB

  • Sample

    220718-ja8braada4

  • MD5

    2ffc6ae4b3c06499087fe6d134c614a7

  • SHA1

    f1c974b9524aa5f1444c96d1bb88958084472eb1

  • SHA256

    7c161ef5ec016e2c03993049c45202d34f932d2f487140f594b34c9bf172c0e0

  • SHA512

    e02a384ba5b373b54275ffe5df9a6fa72913b4687e959bf95d4943759864d310297fa7696b847d0c24a7cc5d211a0dfb2140c06dc47ad309f5d43943015c4aa2

Malware Config

Extracted

Family

icedid

Campaign

277711618

C2

bransfortrionaf.com

Targets

    • Target

      for_you_presentation-130722.32601.png.lnk

    • Size

      1KB

    • MD5

      9cc841b8b2fed39c1467089541c6b5b7

    • SHA1

      d7ac54640ee909dceb40e38a6a5d9f47921467c3

    • SHA256

      160b4af6b508486b529707e2c9324981485867a333d799ca5ea812af1011c549

    • SHA512

      5b933f9249b2c4582c74cb0dea54305079a81c719eda9ec9181185c7f597573462470e5531659b841912349e22db68192994a8fb4b65dea788c61d6397b5fad3

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Target

      q4Ya8I9o.dll

    • Size

      59KB

    • MD5

      d314dad3bc7544a407253a06c9e7b4c0

    • SHA1

      6f261032bc2ec8ee50981e3c52a112a07a5da6e0

    • SHA256

      dd0f3f7c40ccc4f8fbe921e8b7db1f9d35a75a686e4ed7b06af52a791364a899

    • SHA512

      a12770ad99955236436489c22b38e02daa3a21900ced2c38f653c2a2c9e469aa8ff08923f40054440f0841cd3e553c475404a74c17b77f4df0f674e6950579d0

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • suricata: ET MALWARE Win32/IcedID Request Cookie

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks