icedid | 98761de8cb4e91079b0c34a1e5558dba347d976fc0ab0250a9f66ad706a93db9

Resubmissions

02-10-2022 15:25

221002-stk51adhdn 10

30-09-2022 13:52

220930-q6sdqsdga9 10

Sharing

Copy URL

Twitter E-mail

General

Target

Invoi_PDF#2092.iso
Size

1.4MB
Sample

220930-q6sdqsdga9
MD5

4fbb948db5431bffabfb1acd743a52f4
SHA1

3ae2779c2ab2a9b7d1a1b62e5583f0f9077a4420
SHA256

98761de8cb4e91079b0c34a1e5558dba347d976fc0ab0250a9f66ad706a93db9
SHA512

784ac4391b442ce160c521cc7c49b844242602ad3fff118cf02c4a0f3c2545470a89866e07a4fb0047adbf70ed599cd28e1bb4482de181510d23ec1f71ab76ee
SSDEEP

24576:+oa4+wzDswZwbwPHOHHH+Ygr3n9XupumT1y+leq1i6qgVK9abNhM8wtwdwYMwlwz:k4+wzDswZwbwPHOHHH+Yg7n9XsumpVex

Score

10^/10

Malware Config

Extracted

Family

icedid

Campaign

3228182693

tezycronam.com

Targets

- Target
  
  Invoi_PDF#2092.iso
- Size
  
  1.4MB
- MD5
  
  4fbb948db5431bffabfb1acd743a52f4
- SHA1
  
  3ae2779c2ab2a9b7d1a1b62e5583f0f9077a4420
- SHA256
  
  98761de8cb4e91079b0c34a1e5558dba347d976fc0ab0250a9f66ad706a93db9
- SHA512
  
  784ac4391b442ce160c521cc7c49b844242602ad3fff118cf02c4a0f3c2545470a89866e07a4fb0047adbf70ed599cd28e1bb4482de181510d23ec1f71ab76ee
- SSDEEP
  
  24576:+oa4+wzDswZwbwPHOHHH+Ygr3n9XupumT1y+leq1i6qgVK9abNhM8wtwdwYMwlwz:k4+wzDswZwbwPHOHHH+Yg7n9XsumpVex
Score

3^/10
behavioral1
- Target
  
  Invoi_PDF.lnk
- Size
  
  1KB
- MD5
  
  1e96f1218d05f15180dddbb97a276067
- SHA1
  
  0f41fedec8f6a4171b539129e525df7cf5f8963a
- SHA256
  
  4ad89eaa612f531842e4db4880f4d74316f24bd3b44616558c632acaf44b7d39
- SHA512
  
  c8def8d97382d0be000186e88a16610b2ff92b187078277d887c5a2fedaea1ee6d5863cfb182737aa07ad769baa4b602219e007d6822f013f1c570e8cd68588a
Score

3^/10
behavioral2
- Target
  
  cadets/fidgetingPawnshop.cmd
- Size
  
  65B
- MD5
  
  002ea214c8edaa96a9811394fc5af03e
- SHA1
  
  03fb9fdf99a2a35264bf7fea04bc56cf945fec32
- SHA256
  
  00353fbe7f57882e05de635bafc7794e808bf6719bbb01086f52cd69ce10c86b
- SHA512
  
  6b527cbdad7b53b3e8f77ee967174c7a16c2484d679d07751b87b71f548464c04e94cff3cf9adca2a4cb406ee37c4ad81a569369c14548d067ceb4014b03866f
Score

1^/10
behavioral3
- Target
  
  cadets/inclines.txt
- Size
  
  139KB
- MD5
  
  a3e638e6b7f398fb281c8df9dd1fd5ee
- SHA1
  
  37160d364d9b5fa68309b9a97b0d3a5f52a9ccc3
- SHA256
  
  3d08706db42782f55412105272e366f9f555cab94af6b5c5881601dfd4fb9d13
- SHA512
  
  c9490cb86115b2a1d69b29a840605a858a3bdf5061446f1e5a26fc4ba514247792c82f469fb1f250e6a33130ea6def5b4498785006659553397c15dcc73be287
- SSDEEP
  
  3072:kWdlmKbi4naxbhnlDCvNFTWan2d3NlDCTwMbjC7zliKFNFKlmWhBhl96uZt:kWSKpnQbhnlDeXTWg2PlDywMbi8SNF3u
Score

1^/10
behavioral4
- Target
  
  cadets/kidskinHandily.js
- Size
  
  201B
- MD5
  
  930afbe6bee84ea6886d6b1d311c7a8d
- SHA1
  
  748dc6de6d1de416791b99ba4557170412dd46cf
- SHA256
  
  75b6486d61516e155fc793a3f5b8f1ae3ff99dee8f8990f982fb7df6a1ba6b19
- SHA512
  
  76ed7eaa717f5af51d99cc4204d37ad43704ff1cc79b2566514da2dbf68396526c38b319a5027254bdf5dc5e869a047f15ef2ce238e22d63562b9c4e55bfe819
Score

1^/10
behavioral5
- Target
  
  cadets/located.png
- Size
  
  26KB
- MD5
  
  d7562d488b392aa85e0c90d924d5f3e0
- SHA1
  
  490fb61ad54a9486e04b230bafc03ec3d2b5f06a
- SHA256
  
  95a8db1d63b2212d59602c0c908de9bb67f21ea567e97a10d7e9c53e64f88670
- SHA512
  
  cbb24b0721f91dd64d9c54404fa568f5774d65ef0602b5bcdb7eff0bdd99834d52b61d8bf2c162c5e85d3da4b1d29bd8e745ff1c83a635d030308189b1a3770e
- SSDEEP
  
  768:I+tMbKHhuBqmDhu4VftFJA5DFKasjhw02oT:5mRhB3gDkTjh1TT
Score

3^/10
behavioral6
- Target
  
  cadets/obtaining.txt
- Size
  
  162KB
- MD5
  
  243d3e3702033ad37f46d10121a45cfe
- SHA1
  
  ea281a5056787e23b4559a24344f50ae7b32ca30
- SHA256
  
  50a58c8736d08dbef76d1ca22761a3ccadd9250c75ccf0235ea4b854ed467045
- SHA512
  
  28b4e88bd1aa8c594edb4b4a437f886c046241a4780ab922a8c406d743656970d5dd724bcfd6312bb7e003f6de9854a6e1da191f956bdff6e7def6127f026c83
- SSDEEP
  
  3072:DZOrwZw3ztSBBTSBgSnwCtQu/1ZOK1ZOAjOj/tQTj/tQtH51ZOebZO04SJASoHHh:D8wZwxS/TSCSnwCOo3EOnOtHjdGSmSoh
Score

1^/10
behavioral7
- Target
  
  cadets/oiliness.txt
- Size
  
  170KB
- MD5
  
  e4ae734495ad84dd9c71df1e7d343583
- SHA1
  
  98eebec1763de7b5ce9c6d8a8612f41d7d517b5e
- SHA256
  
  8fb2d6f268d52a89dde667c606349e8b3ba2fa9b544534a62a6cd8e62c098550
- SHA512
  
  726cb790cfccfbbba36c19ff51d4c1ca4bee94d744a97637d0b86e594223b36b3a7114f0e2676022961c98f688ede43d171957ecd1fa0ff19e372d461a63bd09
- SSDEEP
  
  3072:+b1lYwB5CjlDyhag0lPBZNQw6XmhS3NlDcNFy6xbqxnWulPBAUDBXypj3NlDRlma:+bTB0jlDBgABZGnmhKlDcXnb4WWBAUD0
Score

1^/10
behavioral8
- Target
  
  cadets/perpendicularly.txt
- Size
  
  162KB
- MD5
  
  5951428465e51098f54f40be08c89954
- SHA1
  
  0619323deb9b9d1792a6b44e39d44ce964a1c384
- SHA256
  
  d0d2615d7f163f7f48fe5fb6181e78894e92706444c11391be15d46c3799ed62
- SHA512
  
  7a41f6859175740bbb27553eeb0fe08418929e91dd44f000bbff57acc747fc3ecccf8102619f253b9ef0ae96d1488d674709ddda22ca8e46382d639bf2ef95fa
- SSDEEP
  
  3072:+buB73uBbAPBT3NlDCNxq8VoWeYFb3NlD99cDlB+lDyQWtRoWszSlmv3NlDMebvU:+buBjuBbcBRlDqiWecplD9uB+lDatyW7
Score

1^/10
behavioral9
- Target
  
  cadets/placeable.png
- Size
  
  8KB
- MD5
  
  48e0c25fbb3470df1eb11bc719f520eb
- SHA1
  
  f4fb32021c08be6ba9353d64c7dfe50ea971b0ac
- SHA256
  
  9f01c01d6ba9ca30ea726906ba83db16da37d8dcf727baa8ed7494634ea1043e
- SHA512
  
  984c221e8876ef6fd951e27d600e11118bef283b55351e74449f0deb884f3cbcdc0ff6c0a0456519f1210aa2fd11329b7116f78470af916dc1e97ec1c28cd2bc
- SSDEEP
  
  192:mPNtXcmZy2UJJCOq/9hs/2N9SfM6dvRsnfw4MUsLj7Aq3BO:mPNh385Jolm+d6Ynqng
Score

3^/10
behavioral10
- Target
  
  cadets/possibilities.db
- Size
  
  476KB
- MD5
  
  d4250398ad351bbde21d0b9acd4c6f12
- SHA1
  
  a6b204bc1dda01d0bad2423d1ca527388dc5b579
- SHA256
  
  3d271140429827ae54c9261a68dd73ce9a7def6257168b534ec367e5df160bda
- SHA512
  
  298b6d30ddf97def2e5ae0a0bf09dade093c99e64e261004a23d9a47376a0a7ae7beaef44b399cf33946cf820329cd9a1adcd958a8c950cfd2f926b73dfe6dc4
- SSDEEP
  
  6144:mnUq1i6qMhmPGx96QeQSIpBYMeepMRT9xa5yqwT:iUq1i6qbGx4IpheepMFLaAqM
Score

10^/10

icedid 3228182693 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral11
- Target
  
  cadets/suggested.png
- Size
  
  51KB
- MD5
  
  5c2c9e80acd906058f336a44f8920a42
- SHA1
  
  7a55aed6188219faef1ac8095b239b0195237c1a
- SHA256
  
  8665404e4cf192187f17527031475ad583424960eb4723422383f7dca631f836
- SHA512
  
  12fa189d2a23897714e7f538f12d7a62f0ab0f75ce10e14d922ba0d3448c8f25a1ba129ba51618583b90e719f24e5bb5990463664ac7f073348dc6404f11d019
- SSDEEP
  
  768:mARtkZuxQtWS7GNtWBm87+HnTqpgi1aH+yyUhKkpsKvKMEu6AtLBNWR7BBdYT:7VxdtWBmWenOiiIynKv/ErAluR7BQT
Score

3^/10
behavioral12
- Target
  
  cadets/teensy.txt
- Size
  
  192KB
- MD5
  
  91dcfc81b6afe9d8222f142af378bad1
- SHA1
  
  6e592f144d66d267b3ef4076f30503662c191cd8
- SHA256
  
  c72b485d6f09a322acbd1789ef3c445f205e9e814bfde822df66a37e173cb519
- SHA512
  
  feb776dcdb1c1cdd42dc4bf87cbe0786c3c2f8ee77215bb6175fbc48dcb59c1cec8eed7b1834f96aa22440f2f8642ed4009db9858224e6e59d69bde7a5f81fde
- SSDEEP
  
  6144:2NwlTSpTSnwlTTD3wgN7TmRkqEEwFHwuSOwWgFnwlX8wwtj:wwtwdwYMwlwROwTwGw+j
Score

1^/10
behavioral13

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

IcedID, BokBot

Blocklisted process makes network request

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13