General

  • Target

    invoice(91522)#268883.zip

  • Size

    200KB

  • Sample

    220915-vl64lsdff4

  • MD5

    192bdf225eccaa83da780b57058cff00

  • SHA1

    1fbc3357f9218c721533cb408fbb6dd4039afed6

  • SHA256

    420a9b53025c922bd4be1d93c2812c1d6b121575eba5d1215500c2d90aa9282d

  • SHA512

    f1a9736577c8363e4b0dfd4b63d948f1305c0b4ab90e7167f44d2517c392b69b5c3f9b785f617c27f673e6375ccd7aa23e49213338844f4b604f093fa64b2a29

  • SSDEEP

    6144:B8o6vzB1S26R0Mfn5JL6+fEiMLdzRkij9VYNWqpBQb:BmU26+85JI62VYRQb

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    3295293169

  • C2

    pildofraften.com

Targets

    • Target

      invoice#488394.iso

    • Size

      1.3MB

    • MD5

      849846adc858b2dca012a11089329baa

    • SHA1

      65d5ef6dec450a14bd24a5f6ee6d0d739d2f82a2

    • SHA256

      aa03c1ee92830ad562bbb2c0c3d840367e19a1a4f3a7bc03c7e3cfa8a6951606

    • SHA512

      eb6259369740c802f83fc00353914da3942c71d121a09ad1443679760f531011e49eeb30860a8521b145e7cc8b4808ed819691edf2db219ae3fd783d02e5e8c7

    • SSDEEP

      12288:GP0hJ5HRw7GwUwjw1wJgHwYwfw69GwHwMwMcwp8wDftkAqfw45EZUw3xCwlNwcwr:GP0hJ5Hzdx7zs7oj7xH

    • Score

      3/10

    • Target

      invoice.lnk

    • Size

      1KB

    • MD5

      d02df40b1b33f15d91c263d509ef075b

    • SHA1

      1610557050fce3cfb4bb5fec061c16026a386671

    • SHA256

      5e86ea9acb71fffba950f7d81f931f08a57d17eaa476807bd0997d0a47fda5d6

    • SHA512

      0351b65be9445a18330ed3369ecab38a6847ad73ecf9cf4b4e6fd11b6e4c8cc44a68e0cb430c495c1713f4972c4bec1d92586caf1dc73c251ca7a23519b82825

    • Score

      3/10

    • Target

      just/manyGet.js

    • Size

      211B

    • MD5

      0aef10ff6332321b594406c8bcf2366b

    • SHA1

      ba99800e2eb1a9ef126adb116392e1a4965da0d8

    • SHA256

      8308ab05b1cd1698c0697eddd0492e03665b54c22aca938aaaadad14cbb37831

    • SHA512

      980da6b8dcd7c02f092ec219ad2bf25424edf03521a80bc8333ea895c1db9a41175c7d948075f00f19974639431ef746a1adde53794dd31eb80f6fb031d76d60

    • Score

      3/10

    • Target

      just/not.txt

    • Size

      247KB

    • MD5

      9925e76bc73a73c95d0edeac5720ed6b

    • SHA1

      15134ce46b5b093711e9a4ebc2b37aa9c8c119ff

    • SHA256

      67d47f385010ce6c860ab0637f4e8c39ea1a8f7eef9cf3aa2a4c3ebec7d03a8f

    • SHA512

      79125540195cdfafbaacc2eee47695655a76ceec92a5d4eaa2ac44b7f5af63f9603aa96ec7dafcc99b1637d28e39a2bc9a495efd3097bb6e3c2a5a602900464f

    • SSDEEP

      6144:rKlDUNN0SbWZ8bbPwlDllDHZob5MBI94kEEillDcBlD4tlDtyUZ:xP0hJ5Z

    • Score

      1/10

    • Target

      just/themBecause.bat

    • Size

      45B

    • MD5

      26135bdaeb0370261df36f21c804d093

    • SHA1

      a635a407afd1561f9408c2a4fb8753d5623c7dad

    • SHA256

      4e79e843ebc28beeaec616f1289154fbea84b59ec85c98fcc9f3c8b13e272d4b

    • SHA512

      621bb0f90787a5ba9092dd9711576bd2da93aad0fb4c637198fb26451c1769f5a2b9141e132020a452b3a02bbeecf5a009f7944c169dc6569f76ac6fd41d05d4

    • Score

      1/10

    • Target

      just/thingLook.db

    • Size

      728KB

    • MD5

      4949326c9ecc8b5be72a53e68da614ed

    • SHA1

      a63dab571508dcee9844ac9ba8c36feb7da139de

    • SHA256

      7a3f5daaf1188a7d338382e91a4eb2167f15a87d542abacf164c70a700ab4fe6

    • SHA512

      64364896209519fa1c2c3397a39a9998ada788bf4631c38e0fa8d6919b4c2288e65e5b862764b03d11e7b9edafd25de2ea256c936c2f9312de0e0ba63d8d76cd

    • SSDEEP

      12288:XRw7GwUwjw1wJgHwYwfw69GwHwMwMcwp8wDftkAqfw45EZUw3xCwlNwcwwGwHw9K:X8

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Target

      just/well.txt

    • Size

      287KB

    • MD5

      d3f5574b3289781b12acfcbcf36d3dc4

    • SHA1

      d45cc4df8a86fa089d3973fbada16731992b6859

    • SHA256

      7e37fc92e4cc24c67723ac712dbc9e006f4c18611cd63788ac90e60c238d89fa

    • SHA512

      9aa6d2e9c585479f7229542f59327416eb880d58211400aed235335b07ab11d3c00b20212f6bfcc7b0988fa8dd10e531122aca96ede5f7657a0e57a12ef99edc

    • SSDEEP

      3072:YMNoIk1cgpxTMjkG0hj3k32JXdk77kJo3G7MoNjrXQkTMa:YkoPGgpxTPG0hbcKu7o2G7MIjrHTT

    • Score

      1/10

MITRE ATT&CK Enterprise v6

Tasks