General

  • Target

    Desktop.zip

  • Size

    1.1MB

  • Sample

    220930-s3y38aehfj

  • MD5

    5568fa9c054b78083bcf1f77ca21b091

  • SHA1

    429a9ceb846fda0699727dbecde12c3922e445cb

  • SHA256

    5f16a74383818e00f64198f1081cf3f99357b5bd6aa709b86367130d6945d282

  • SHA512

    fb2d2fc9122d60a4580cacdcc80e638e814a37fff39014b5374db55d4f53d453d1498967981ff003478e2720afa7d0a34169b1f7119c9dc53f9597433b400cc6

  • SSDEEP

    24576:MgMHbc25CahOOmSTNej2CEuOEBV3YDw+BifT+JkO5ZksbVSoHhoO5JfDgS13:vMo2sP2TNejmuVBV328CkO5ZtomoGN

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    976968029

  • C2

    triskawilko.com

Targets

    • Target

      78bcac34-fc98-4310-a264-74194a64df6a.FZb

    • Size

      672KB

    • MD5

      6b584f0a0462354773a103ce8847829a

    • SHA1

      ee984b967a5effea3397a73093a00d34463fdbbb

    • SHA256

      2daa3a4465204f443309cdc96e287b11e649a16e61216409ff1e880db33b3d10

    • SHA512

      9bb48169ac02cba142c3389fa5ce4acb69c168e91df9e42641adb62b361638d9c997a5cfb67851d8b1686768b260ceb94dda85f825c6cfec9455a2619f4d25f7

    • SSDEEP

      12288:0H4Uq29eewyE0QKwv20JXLYw4wtzofurgQwC2wwwZwU+LnwgP6xdygmwq3P:082uxbEX3P

    • Score

      1/10

    • Target

      a51ae885-405c-4324-8173-7c83f1957f01.png

    • Size

      960KB

    • MD5

      bb575c4b910556f9f75147b07a561cee

    • SHA1

      26fe4a7c972c27112183f557e504f5b9ddc18598

    • SHA256

      b0a34c29ed311d9c4c3b9eacdc5208c213adeb6ea247dbeb9081e2acf3a354fa

    • SHA512

      4c51b329c0070ba2ef05c1d689fc680a966eade8d39753360f46084a9ab5229ef7eead98e2d0774ffc426e673d70901c573f6c8a615b02283b5ae981af1f9b8b

    • SSDEEP

      24576:bahKO6SHRej4CQuQQBVvIDw+Bif3UJwO510WLzSoHhoCdJv/wSCA:bJ0HRej4u7BVvmycwO51Namo+t

    • Score

      3/10

    • Target

      doc-0a43862f-fa4e-4402-826f-08b910d79ed4.lnk

    • Size

      1KB

    • MD5

      a5c23348c8b4dabf839cd857919948b3

    • SHA1

      6a57f8583f5704709051b2175bfe72daf1d21765

    • SHA256

      667923db3ec71a122a52c895260e64568207c0eea7697d92c4df14428c911b20

    • SHA512

      dfff66c6b69dcde0b164397dae47f3ca61dbbd00fb3fcaf1d8f10b8dc95ec6d496aa733d1845ecb4696c409acee5b4ef03ddf564c571da1dfa2b988294cf88e3

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (T1082): 3

  • Query Registry (T1012): 1

Tasks