Overview

overview

10

Static

static

5.bat

windows7-x64

10

5.bat

windows10-2004-x64

10

documents.lnk

windows7-x64

10

documents.lnk

windows10-2004-x64

10

sterli0p.dll

windows7-x64

10

sterli0p.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice_Aug-29_document331_unpaid.zip

  • Size

    163KB

  • Sample

    220829-t3ng6adbh9

  • MD5

    78f853e6cc9a06b7d448706a2bd1aa4e

  • SHA1

    aa6954af6223502138e2a80ef77edda5ba93e230

  • SHA256

    0ead45d2886b7c6f94ac19a68f102347cf033f7011ca9d93b944eeba11fd1cbb

  • SHA512

    d768016cc07458d0f79f724d7c8a585c44f1aa10ff1841085337effce91d84a4f4fdd5e3aad7ff5ef279225b1776af0ce839cbca9e00c5b111e9bfc2ce812551

  • SSDEEP

    3072:UV70IhsuMMHmIkBbHnaU7F14xfli9OjufFNBuENvSa4Con45pHqPCsR:UF0IGxLBzawqpC9N5qmZqKsR

Score
10/10
icedid2260774107bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2260774107

C2

godenfasternow.com

Targets

    • Target

      5.bat

    • Size

      31B

    • MD5

      0a0cd27c010edcb08b934c40ac8cfaed

    • SHA1

      9d8db196561e7ef52b2324560ab6e1f7ea206d62

    • SHA256

      9e74609bc28e858af96a70ba0470efd010fe861b0af2a1a88cb8909cb1c0a879

    • SHA512

      c8b644cdc71f5e45ca3af947f1a027479a8b5aae302b5852d382462b4bb5e29fa45a272f74eb8f89d2d5a0e466ca5f6a5ce1076ac43927ae8aa18e7cf85f5f14

    Score
    10/10
    icedid2260774107bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

    • Target

      documents.lnk

    • Size

      1KB

    • MD5

      9629f10740cd3cb2765bb784d0e62dbc

    • SHA1

      ef9019c89073520bdacc63bf93776fbe6a3d6aca

    • SHA256

      e89cd1999517b47805106111e14de4a03669cac30adb3b3304655febce25955f

    • SHA512

      094b0e4d4d7b6106e0b1cb4d32c124e62c691d3717af7b7a7bd3cb7d126adc33c79c816cc6ca00e162221804cf2b991d73159ff0b56a908fab5f7d6fa0a35e2a

    Score
    10/10
    icedid2260774107bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

    • Target

      sterli0p.dll

    • Size

      380KB

    • MD5

      be76e955bcf26aea0c45bc339c875494

    • SHA1

      a4a362f4d18b82334bc834990a92b2640154558b

    • SHA256

      74ec1aefc915a939cda2b028d778566e341c2ef81186a5861b677e3bc6707623

    • SHA512

      dac5011c851993885267d99058cde335997f8c9486a511fe35f78e4e806ce74de96f0919222d0cea79cfbeb6f541af16679243b288f84739a90f559abac09cc0

    • SSDEEP

      6144:UCjagQMt24rn2QQcIU9ycLHvomnVomk81Wa+V7HH2424rn2bBnHIsWrXIy4tBuu4:RjjQMt24rn2rcI9mk8nKHD24rn2tnHf0

    Score
    10/10
    icedid2260774107bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks