Overview

overview

10

Static

static

document_0...id.iso

windows7-x64

3

document_0...id.iso

windows10-2004-x64

3

document.lnk

windows7-x64

3

document.lnk

windows10-2004-x64

3

scabs/func...ive.js

windows7-x64

3

scabs/func...ive.js

windows10-2004-x64

1

scabs/roars.jpg

windows7-x64

3

scabs/roars.jpg

windows10-2004-x64

3

scabs/scaf...ty.cmd

windows7-x64

1

scabs/scaf...ty.cmd

windows10-2004-x64

1

scabs/unsecretive.dll

windows7-x64

10

scabs/unsecretive.dll

windows10-2004-x64

10

scabs/z.txt

windows7-x64

1

scabs/z.txt

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document_09-22_invoice_2567_unpaid.iso

  • Size

    736KB

  • Sample

    220924-22cm9sdfer

  • MD5

    a706c6a089c4a00cb659bac30f585cf6

  • SHA1

    a861e907ec2c7bd5b9c8633a723a78c6c30e5fca

  • SHA256

    5b9bbb2e3bcbf2524e38b2c3b637b1485ee2205bdfd8bdfe896f7cfe9c6d041c

  • SHA512

    765ebd35ddfd7ee9fb6c58f8986ac24414083ab221fd085a30cd23a5fd6e5c8509c1072f590bdcf487e32e1efde438bcf5c87defb120ddf0b3226fd3bd02db3a

  • SSDEEP

    12288:HMp3j+zW2/kP7yj1kuvcU87wHOZOuAwAwFOjHgAO3qJOFHswfwYOmOhHm:spT+zW2/kPu3rQAwAwgHgtqAHswfw7Hm

Score
10/10
icedid1023645195bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1023645195

C2

trallfasterinf.com

Targets

    • Target

      document_09-22_invoice_2567_unpaid.iso

    • Size

      736KB

    • MD5

      a706c6a089c4a00cb659bac30f585cf6

    • SHA1

      a861e907ec2c7bd5b9c8633a723a78c6c30e5fca

    • SHA256

      5b9bbb2e3bcbf2524e38b2c3b637b1485ee2205bdfd8bdfe896f7cfe9c6d041c

    • SHA512

      765ebd35ddfd7ee9fb6c58f8986ac24414083ab221fd085a30cd23a5fd6e5c8509c1072f590bdcf487e32e1efde438bcf5c87defb120ddf0b3226fd3bd02db3a

    • SSDEEP

      12288:HMp3j+zW2/kP7yj1kuvcU87wHOZOuAwAwFOjHgAO3qJOFHswfwYOmOhHm:spT+zW2/kPu3rQAwAwgHgtqAHswfw7Hm

    Score
    3/10
    behavioral1behavioral2

    • Target

      document.lnk

    • Size

      1KB

    • MD5

      9d3bcb0209e7155f487ee87c77407ddc

    • SHA1

      1ba1647270c20c70368ba4eb66f2adc11ba24741

    • SHA256

      95ddab71bad5194f1aa06a893efc6009759fabb27ad95d49da2f8c865981884b

    • SHA512

      8a7cabf850dc10a91bc228ba6d21337d80610a93c0307138a5d52f2af70bcb9dfb974b0cfd10faa7207372a561409b1543cc508fe9aac96d6c8b4e456848d5c2

    Score
    3/10
    behavioral3behavioral4

    • Target

      scabs/functioningReceptive.js

    • Size

      207B

    • MD5

      0534ceeac6a5c7cf61a8a2ef961d807f

    • SHA1

      f26256a9aeeb5491923f9f38c2b30642cad7976a

    • SHA256

      6e70f1b3cf9b66c98f2dbc14b588ea04b7197210dd4cda38a0dc21fcf114e156

    • SHA512

      36b63f0d8c223c84fefc8632232ca0546b5e3b6edaa4e37ce099814ee1f5b21c5cb84e5d17955c87189dbf08798215699633d008ed41935c3cec8752c9563e7f

    Score
    3/10
    behavioral5behavioral6

    • Target

      scabs/roars.jpg

    • Size

      70KB

    • MD5

      d4d7da0fde972f47a5998198f2e6691f

    • SHA1

      239c77e6d8b8f33fdae4c15eb54ab38136a57396

    • SHA256

      b95db993da5c8786a498346368cef6e89714864a64e08d2a5923e9e44255e61e

    • SHA512

      13da745251a02a16bc05cc4b2ca5889068edfbfadbca28fa6174f8d79d040219926d48ea3ec7854677682385fadf87506187e8f242ced7e6a909441daa4d5e5d

    • SSDEEP

      1536:tml7z09MuHOCgBrofUB6kitzwhhzEbK+rddFpuQzOqPrR9AbCZ+5Gw:aRu2Cs8nz6ibKaddFpyqzRmU+53

    Score
    3/10
    behavioral7behavioral8

    • Target

      scabs/scaffoldFelicity.cmd

    • Size

      66B

    • MD5

      551cc8335f416f8e1b895d03043eb581

    • SHA1

      fc6c41610eab5730dec014573ded1c7d1c4704f6

    • SHA256

      7a5a7dadba24a5cd2d3dbd853314b34e3c5bd070d45819daf5f3628242333afe

    • SHA512

      688aebe3af7a0d217cdb92026d33ced2263c7f6ae6daf00c03cf08eaffe502419d47e0fcfeacd59b8c00613ea0067b9b6d4ed14096073b48bfc0596372b67aba

    Score
    1/10
    behavioral9behavioral10

    • Target

      scabs/unsecretive.db

    • Size

      317KB

    • MD5

      b672e45585d248081b8cb139d2c288eb

    • SHA1

      c3e85867915e88847285a4a3cc7c89323b17d0cc

    • SHA256

      5dabc0ba2aee46df76b91392d4c64e6ff8e2f77f2276113169e8c01e9edc3ffd

    • SHA512

      b04e2d9b662e652191b4a2c7d4fcd78b4322204b6156932b5e136ee6448f20f606d187c471ff4d580ba87232352c2c52514401053d3f57b287f85c43ea28d27d

    • SSDEEP

      6144:rtA2m2kP7+sOjcroyI0xwlh8boidmQp1tRdnjU8bv:rW2/kP7yj1kuvcU8L

    Score
    10/10
    icedid1023645195bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral11behavioral12

    • Target

      scabs/z.txt

    • Size

      284KB

    • MD5

      a92c3d8dab1aa26600898ba923a41f6d

    • SHA1

      d7ba06a811fae4eae86760714c562e684fb45d13

    • SHA256

      5a73ccf59df445c45587cd17e214f8d9e35ec8a55afae999d30ac0790f2a273d

    • SHA512

      263f3f4d7f58757eec5b12f79029224b60d0f39ba5b7760db812910356824e5b120342b29965959fedb72916b520a60a288c589912945980b0211565ee355870

    • SSDEEP

      6144:HwuvuOAYOuWAk7wfDubbwFOk5TcHgnCykO3qbETAOFH+S6T1nwXeS3wYOKbOhHm1:HwHOZOuAwAwFOjHgAO3qJOFHswfwYOmT

    Score
    1/10
    behavioral13behavioral14

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks