Overview

overview

10

Static

static

URLScan

urlscan

1

http://quarrelaimles...

windows10-1703-x64

10

Resubmissions

28-09-2022 06:46

220928-hjzwasfca3 1

28-09-2022 06:44

220928-hhwggsgchk 1

28-09-2022 06:35

220928-hcrlcafbg3 10

28-09-2022 06:33

220928-hblcyafbf9 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    http://quarrelaimless.com/9b3cd056?nphmy=56&refer=https://mixdrop.co/f/ql3ndw6eb3ndw7&kw=["mixdrop","-","watch","beast","2022","720p","amzn","webrip","800mb","x264-galaxyrg"]&key=b8ec1bba676d04d104b756970b8e0395&scrWidth=1600&scrHeight=900&tz=-7&v=22.8.v.2&ship=&sub3=invoke_new&res=13.31&dev=r&psid=mixdrop.co&adb=n

  • Sample

    220928-hcrlcafbg3

Score
10/10
icedid1776411935bankertrojan

Malware Config

Extracted

Family

icedid

Campaign

1776411935

Targets

    • Target

      http://quarrelaimless.com/9b3cd056?nphmy=56&refer=https://mixdrop.co/f/ql3ndw6eb3ndw7&kw=["mixdrop","-","watch","beast","2022","720p","amzn","webrip","800mb","x264-galaxyrg"]&key=b8ec1bba676d04d104b756970b8e0395&scrWidth=1600&scrHeight=900&tz=-7&v=22.8.v.2&ship=&sub3=invoke_new&res=13.31&dev=r&psid=mixdrop.co&adb=n

    Score
    10/10
    icedid1776411935bankertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks