General

  • Target: document-037.rtf.zip
  • Size: 2.1MB
  • Sample: 220913-lvgewafcc4
  • MD5: df15eb810cb2982cf23fd8e74a545a34
  • SHA1: 4390d2a3221a426e9ab3c1b0842728b9a3ff0a38
  • SHA256: 83d6dbc86af826ea02bbb978510c92ffe95bb276ef59a76dc891b68e3fda11c3
  • SHA512: 60fb96540ea9df2b715fa1ffc5e50cc0bc21670e73db324c945dab49cde23c5c89e045172d9c974fb529e898c0dd8d897145f5e0dcc8fd4d330476657c927fad
  • SSDEEP: 49152:CtGKkgl5R/4NurkXDYqM/JDK6M3fKgDaKT:6GKk0DHkX8hDK9igDh

Malware Config

Extracted

Family: icedid
Campaign: 3281798692
C2: kolinandod.com

Targets

    • Target: document-037.rtf.zip
    • Size: 2.1MB
    • MD5: df15eb810cb2982cf23fd8e74a545a34
    • SHA1: 4390d2a3221a426e9ab3c1b0842728b9a3ff0a38
    • SHA256: 83d6dbc86af826ea02bbb978510c92ffe95bb276ef59a76dc891b68e3fda11c3
    • SHA512: 60fb96540ea9df2b715fa1ffc5e50cc0bc21670e73db324c945dab49cde23c5c89e045172d9c974fb529e898c0dd8d897145f5e0dcc8fd4d330476657c927fad
    • SSDEEP: 49152:CtGKkgl5R/4NurkXDYqM/JDK6M3fKgDaKT:6GKk0DHkX8hDK9igDh

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks