Overview

overview

10

Static

static

Invoice-09...nt.lnk

windows10-2004-x64

3

Invoice-09...ng.bat

windows10-2004-x64

1

Invoice-09...ng.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PW_Invoice-09-28#223_PDF_ISO.zip

  • Size

    223KB

  • Sample

    220928-vsmcsahgek

  • MD5

    3ff631777d28aa94531f9284e0ec4e64

  • SHA1

    eb350234ad9d402281923428afb8b6fb49483db3

  • SHA256

    e8149f766d80f9c0d52d8b3ef31e8e5649b8248ffd051ff22d5cb892b526b89f

  • SHA512

    b2e4c96e7446c36bcd10d9b96af4c69cab41ea1e6a540ba32d7578f0e75baae2e6a8c66b97b9f07bfc4b003e015385ea36d8ae8f88cfa0acdef34f064179a447

  • SSDEEP

    6144:vDDe4btq2UamlvNi2WcKYhiNFp5p5QJCiu3ZP02FP4oqAOi:fVbHUamlxvMNVp5niS02FPp

Score
10/10
icedid2220668032bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2220668032

C2

alockajilly.com

Targets

    • Target

      Invoice-09-28#223_PDF_ISO/document.lnk

    • Size

      1KB

    • MD5

      841701093a32bc34e756dcb41774463b

    • SHA1

      cd13d56ff52e454ac85f63ae0103d2e78fc29fa9

    • SHA256

      61590c3a2e92c7a915b0c3a37b16acafc500d83b1ec3801dce1d31bba545839e

    • SHA512

      2e1a27c43443a3826dbf9c506d2e02cd05d0d52823602efc032e7bb09d80ac8d100a25ed5b16be3717a1e495f24afb212f9b85f9afabca6923985d54628c5540

    Score
    3/10
    behavioral1

    • Target

      Invoice-09-28#223_PDF_ISO/inn/hypoing.bat

    • Size

      1KB

    • MD5

      f81e67bd7820b8807e21eb7df6555c45

    • SHA1

      4e90e2d8d81cf96e55a0437afedd0054c69c15ee

    • SHA256

      8019f1a64f9e5b8a7105042b4be4c72152cf2085fb50ca68baddb4d8d2c81250

    • SHA512

      769f1664ef20e627958988ea87cca922c6ab85dbabb0ee634803e3b713f519395a0fed167200771d43e84bb10f5dafc55fca401cb51e3d2547cccc4b9c18fca6

    Score
    1/10
    behavioral2

    • Target

      Invoice-09-28#223_PDF_ISO/inn/intercropping.dat

    • Size

      679KB

    • MD5

      e4b39d0c58cb6117bd739baf08eea95c

    • SHA1

      42c7dd07d561bc5858d9e793d7ea91eb356bd663

    • SHA256

      d77ab2b3c60a0eaaf2327c388625d239117b6f902619347e9a0ffa5ce1b9e6a7

    • SHA512

      74b95c6888e3cc9a24a4141ddfcf074cb380ccff6468b2135632122062cdc62dbbb18af69223541b6cee50c0e4dbb678bc5acc155e21d38e183377b54bee6a37

    • SSDEEP

      6144:ypOH6HGSOHyxj84LoOjlMsfEfv8LBUNObzJHdQIa98HrKg8x/IXS:yXGSgyoOhMX8hQQS

    Score
    10/10
    icedid2220668032bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks