Overview

overview

10

Static

static

ff1db97985.../5.bat

windows7-x64

10

ff1db97985.../5.bat

windows10-2004-x64

10

ff1db97985...ts.lnk

windows7-x64

10

ff1db97985...ts.lnk

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff1db97985083029f7ffdfcda2c8a031f8086a62d42c8af46e617226acf2126d.rar

  • Size

    148KB

  • Sample

    220830-ct1bxsbee2

  • MD5

    7a98084d5ad4369ccf97f55d4a4c096f

  • SHA1

    cc8fa0bf384f3edf9736fc4be345b8c694d2b6ef

  • SHA256

    a5417e0e04eee68ff3f454f6937a24463bdc9c77a7a964f4881f7ed75457fd62

  • SHA512

    0762cb52c7a39a08b12b40e89a185ff4b793b18771f8bfa749a47aa8b644ea2380b049c78243dbad6b77e825cab3a471dc246bd995a21a4112fab0a322397daf

  • SSDEEP

    3072:nLM4ErZOyLEriWj5vTESmMlcMhRXmXkT01uBZ1VsRQ86RhV:n4460TRd/JhZmXkT01unc6RhV

Score
10/10
icedid2260774107bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2260774107

C2

godenfasternow.com

Targets

    • Target

      ff1db97985083029f7ffdfcda2c8a031f8086a62d42c8af46e617226acf2126d/Invoice_Aug-29_document172_unpaid/5.bat

    • Size

      31B

    • MD5

      0a0cd27c010edcb08b934c40ac8cfaed

    • SHA1

      9d8db196561e7ef52b2324560ab6e1f7ea206d62

    • SHA256

      9e74609bc28e858af96a70ba0470efd010fe861b0af2a1a88cb8909cb1c0a879

    • SHA512

      c8b644cdc71f5e45ca3af947f1a027479a8b5aae302b5852d382462b4bb5e29fa45a272f74eb8f89d2d5a0e466ca5f6a5ce1076ac43927ae8aa18e7cf85f5f14

    Score
    10/10
    icedid2260774107bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral1behavioral2

    • Target

      ff1db97985083029f7ffdfcda2c8a031f8086a62d42c8af46e617226acf2126d/Invoice_Aug-29_document172_unpaid/documents.lnk

    • Size

      1KB

    • MD5

      9629f10740cd3cb2765bb784d0e62dbc

    • SHA1

      ef9019c89073520bdacc63bf93776fbe6a3d6aca

    • SHA256

      e89cd1999517b47805106111e14de4a03669cac30adb3b3304655febce25955f

    • SHA512

      094b0e4d4d7b6106e0b1cb4d32c124e62c691d3717af7b7a7bd3cb7d126adc33c79c816cc6ca00e162221804cf2b991d73159ff0b56a908fab5f7d6fa0a35e2a

    Score
    10/10
    icedid2260774107bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks