Overview

overview

10

Static

static

Invoi_PDF.lnk

windows7-x64

3

Invoi_PDF.lnk

windows10-2004-x64

3

ricocheted...ted.js

windows7-x64

3

ricocheted...ted.js

windows10-2004-x64

1

ricocheted...rs.cmd

windows7-x64

1

ricocheted...rs.cmd

windows10-2004-x64

1

ricocheted...ys.dll

windows7-x64

10

ricocheted...ys.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    09-21-2022Invoi_PDF#7540.zip

  • Size

    191KB

  • Sample

    220926-shv6tscchl

  • MD5

    a99dae5201de15b22eed699478432d8a

  • SHA1

    1b50dba26d36de8bc80f36887764a14b49468b63

  • SHA256

    cae719eb6d79919ff8ea80bd07c060e6e6c4e3af346f237495254f72fb049b61

  • SHA512

    cab3d19ac749b948d4b0a07b059492049e196afa6ae38896b1253ae02abe0a3d514dd543c4602ccd800dded85a38febefa0848c0982fababf87846a1e48df0a2

  • SSDEEP

    3072:e7YnnajL9JMc0IpONXymv6oKhUqkIcO6jMvaId/zIRxypbgGttEHmtPGfPOkmey2:ewajL9ASIvgcO4MvaQ/z0Qp8G8GFAOkJ

Score
10/10
icedid2432960414bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2432960414

C2

zalikomanperis.com

Targets

    • Target

      Invoi_PDF.lnk

    • Size

      1KB

    • MD5

      620a18f4ef9e249d196e2197d1622d3a

    • SHA1

      1233f9ab92755ab59ca2edb20d24d6c51fe91e94

    • SHA256

      4912c4ff2bc53c0eb706abd724d266b04046718eff0452efff9d8a71ff60fc1c

    • SHA512

      2334733e2634df90048d6510fe33f5c43ed1556c6fc5122b9b7671a11d2ff57e587896ec546d2ece0320f28c974c02d207031790f2fb5b20df2a3367a966ae97

    Score
    3/10
    behavioral1behavioral2

    • Target

      ricocheted/detonatorUncaptivated.js

    • Size

      257B

    • MD5

      0e21f3235ba12be75a0d9647157b02f0

    • SHA1

      7204c0dba1683c52fe7894a55a3aa2b48d539dd6

    • SHA256

      6df27729f7696ecc1e9c94dc0ba88facdcd624a70b76ab1094662fdf8c074eef

    • SHA512

      8000b9d8dfb03250e55aa4da2ad3a01e9a520c2231aa3639d3f0f33abebf2544bd82fd507272ea9d72043a6b77b53e9107702936860439a296498560da74789b

    Score
    3/10
    behavioral3behavioral4

    • Target

      ricocheted/pregnantTitillators.cmd

    • Size

      87B

    • MD5

      737433fcfa1c14b6d1aff0265e89ddb2

    • SHA1

      3a8f95b297d36a9c4c004ebcf0bdea194f65d21e

    • SHA256

      59300539f96f8851127ff2932157e16a9d9b00f0a6524c74b2a3b8cc595d2953

    • SHA512

      b986073c03eb1b4c6e2c51dbd9fbc15cd92d756da98b47843384abbbf4ee40cbd6bdfc071031f4fa1db6925ca3bddb18c034480e81cd13897d29ef9959065821

    Score
    1/10
    behavioral5behavioral6

    • Target

      ricocheted/trolleys.db

    • Size

      358KB

    • MD5

      fce4595c14985d9e891eda2be3824079

    • SHA1

      362ada53842948089d6567a42c67744877fd1c7d

    • SHA256

      3ab1572c68f1edce3e0f278900d3330c7c18f1964934ba0d5eefab57ebb9c01f

    • SHA512

      1f195abae1ebc7cec3c285db0eb134330468a6e03b786804375d2a94291da666d019157061d827b3c48fa17ae7f7584355770c915d8ccd7177e90ab10c6ad08f

    • SSDEEP

      6144:l6HdvqSwNOTzZLen7qACQ9j6pSHP7csiU302dw9qOL:MPLQHP7AX2djOL

    Score
    10/10
    icedid2432960414bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks