Overview

overview

10

Static

static

Invoice_PDF.lnk

windows10-2004-x64

3

unamortize...ble.js

windows10-2004-x64

1

unamortize...or.dll

windows10-2004-x64

10

unamortize...ed.cmd

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice_PDF#4379.iso

  • Size

    1.0MB

  • Sample

    220930-sybr5aeaa4

  • MD5

    ec1d53cff69a007f40e3f489015ab397

  • SHA1

    aa3b7235577cca767bd6acb01d4eb770c40c068c

  • SHA256

    6118b7de05da814ca2ba0f70676db42fc5ec0991510f3c696d27cf4c8a57456a

  • SHA512

    43e66b0d4b4b568024821be3aa92ac61e99f4ac82e18962a51add9df296f59bf5cd205abca1218f727a8d810448ac2884e751f30031324034245570e1f858da0

  • SSDEEP

    24576:DfSuK0NnrHpHpNHH2w2wywFHHyH5HGw9I:uuKErHpHpNHH2w2wywFHHyH5HGw9I

Score
10/10
icedid2399258081bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2399258081

C2

eysneolissionsm.com

Targets

    • Target

      Invoice_PDF.lnk

    • Size

      1KB

    • MD5

      c6fedb0dfe54217c991dacd8c1cb8ec0

    • SHA1

      9a8b4f4e27fe4686a43a950f17916d0ebf3f3bf7

    • SHA256

      d3b83923d7a2af37169858966401949ac9a6e70a68e986a1eccb7fd12b630b3f

    • SHA512

      512a954756867f0478077e9ad2502eb629728353c1cab88268f8c875771664008315f36317648b977085a42377a9df927bf9b0edf83fe0e61774946046a58f98

    Score
    3/10
    behavioral1

    • Target

      unamortized/animatorUnextinguishable.js

    • Size

      250B

    • MD5

      d422d1a5a6adc04d432279ac33bd88fc

    • SHA1

      431fb8b6d286eed4393b1f310e52984f5f1bbeff

    • SHA256

      330522ce90ba4d805b960447407106f4c8c94915d785803cf305f07d73812f5a

    • SHA512

      fb0d3a4c4735e9065af751173c3e852eedf1a54f8fdffa8899290e790201a5a0718468303b778f4a470c335069a21362f6b54b3c8f28cfa9bd7346127cfee8f4

    Score
    1/10
    behavioral2

    • Target

      unamortized/compressor.db

    • Size

      672KB

    • MD5

      ba6a611f93aad4f7eac1febfd6d60407

    • SHA1

      b77fdb4b421e8bb1fc572b91b3f49836aa800a52

    • SHA256

      8a35a570259d70af5288771a231834d20bcb1c02dbac608a2ab680da04bea55a

    • SHA512

      1faf06373d5e485a902b8c5cb1d12e1b46f3a094f5781f136f59224005ebabf3347edb3022f8fd8d4c682ba389d7f4764eeef03bc2e649bf588dedb91ce4dba6

    • SSDEEP

      12288:qg1Mvwyhw4wH2W7o6m/wAwBwf0CM5nANy/wXwwwZwfDnzGy//0QVdrt/pIy:qfSuK0Nn9

    Score
    10/10
    icedid2399258081bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral3

    • Target

      unamortized/rejoinedDenied.cmd

    • Size

      84B

    • MD5

      744e2e2e6b554290639bf2cf4c33c298

    • SHA1

      89cd60e69a61822330455ec2366a4eb6f859e40a

    • SHA256

      21b4eba1f0143120e18dc6fd1bc6661aefa5c9d6fb83f225906a79b16f810dcc

    • SHA512

      4cb7fd7daf39551b7249d99b4592b32e065b165d20bae260c5ea102a501d81b2af6f35508997a746cde62c73acc4890fafd4c2c5638de929fc8be46d1f1b46a8

    Score
    1/10
    behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks