Overview

overview

10

Static

static

Invoi_PDF.lnk

windows10-2004-x64

3

cadets/braved.dll

windows10-2004-x64

10

cadets/tim...ar.cmd

windows10-2004-x64

1

cadets/une...ing.js

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoi_PDF#8933.iso

  • Size

    1.4MB

  • Sample

    220927-xngb3sebh7

  • MD5

    db8889891be53aa5dfc474c121030446

  • SHA1

    a7d64d574193c066b6a1eb8a5af7611d6196819f

  • SHA256

    eaabf3b87d2261b09bac36a1b9ffd3b0c09c7f4ce3481803dea57c12dbbfaa76

  • SHA512

    97948a2cc6194f207fac2438fb38e81dc9341a94f09de9bf6e3ce1ba43fbf6974c12026f0d1607ad123d97c3d792ba71308e0384357c2087f678b342d8670545

  • SSDEEP

    24576:WDw8sq1i6qFSIxoa4+w6DswZwbwPHOHHH+Ygr3n9XupumT1y+lhhM8wtwdwYMwlu:l8sq1i6qF5x4+w6DswZwbwPHOHHH+YgF

Score
10/10
icedid3228182693bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3228182693

C2

tezycronam.com

Targets

    • Target

      Invoi_PDF.lnk

    • Size

      1KB

    • MD5

      33f0ecc3b42e9c3beef822535ae21dc4

    • SHA1

      8ceeb00b6e1804ee3be59b4d2d0761ae4de60afc

    • SHA256

      ffa08cf40816590855814b800c06c5ebc4afd0e5c0930658938533758bacc70d

    • SHA512

      ac5f6e0483c5dff68fd7276750223ce4ab72da46c67d3522cacbc13a6fb9d338e15d06b7b5056ddaa8d3e7429b159a5c5a69d204b8b3cf5862bf48142d10e66b

    Score
    3/10
    behavioral1

    • Target

      cadets/braved.db

    • Size

      476KB

    • MD5

      41e60934b4352378f755b8b234e28b1d

    • SHA1

      596520cd20a9abf62119c3e3d530e5e99f9dd285

    • SHA256

      5b3ec3844cc7a448071397b8cb488e6b1dd8a35eb66a6046672cf243817f0b03

    • SHA512

      e41cae897b3e4c6b5e228940933a5120d175d39c5939ba9f7a6739d70f6ef0cd71fc7d8302c6d28989be2a1959aaa201265ed28717d093e5d04451567dcbf307

    • SSDEEP

      6144:EowRmpalgwWrQk2wT7Byq1i6qZksSiOmvQeQEer:XwUpalgwbtq7sq1i6qqsSIjer

    Score
    10/10
    icedid3228182693bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral2

    • Target

      cadets/timberedShear.cmd

    • Size

      58B

    • MD5

      acad22ad6fd35617535c67d296460fa3

    • SHA1

      a5572b71b7e2ce09f8d38cb2a8b26ccf15092c02

    • SHA256

      b26ea7a568aa209b0fa5b828efda70be1c0b913a5ee85f98320e332773a41210

    • SHA512

      0bc8a50522013aedd24901bd817df59117eb2334dfc4f6fe235befea71c2d2f5e050832266a803a19c1b95efdf83c006e2d9a4346a65a5da4a3c46ea05677891

    Score
    1/10
    behavioral3

    • Target

      cadets/unerringlyOffering.js

    • Size

      210B

    • MD5

      eec5281c2f8187b40f165a25169ae70a

    • SHA1

      6a8865815123e267438afce3477ccd8e69fcc70f

    • SHA256

      19f60add7b76883b42bb7dc79c4a22b022ee22cacd50d73ee9dc96d7daa4f4ee

    • SHA512

      d2bfbf029ecebff21a10f28d837296cfd54f2414cb0aa6a4d8850d81dc1b59950e539850156609370f7a1fb84eafd56631d2bd7fdbe41e89b32a5c9a8b5ad1a4

    Score
    1/10
    behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks