Overview

overview

10

Static

static

notice-cf9...f6.lnk

windows7-x64

10

notice-cf9...f6.lnk

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    notice-cf9f0bfc-3f0f-4b19-b8ea-dc1a60aa5ef6.iso

  • Size

    2.0MB

  • Sample

    220930-vypp4aebf8

  • MD5

    3fffb19075f543232be27101f94867b2

  • SHA1

    df80d45b7d921a71af9126bf1f5a990869f9319d

  • SHA256

    6f554379bc1f32cb72d555e519193d1b891c0a7af15e2ee442dab1fed2719032

  • SHA512

    99e2ef71236d1cbe46b0af14041971af382882477832037566f76474c310f0ef8af7eb410e6edc2907134afcc9100c45bd9ccd533b4aaab21d41d9a479bbe1d3

  • SSDEEP

    24576:T92N6o108lnK06v6eDCH4qV9mfyGux6pbY43L:0N69qKrCH4qVQydxx4

Score
10/10
icedid976968029bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

976968029

C2

triskawilko.com

Targets

    • Target

      notice-cf9f0bfc-3f0f-4b19-b8ea-dc1a60aa5ef6.lnk

    • Size

      1KB

    • MD5

      b5a3ebdcc901f2aee38315b42ad9e824

    • SHA1

      95d3e0b15be8dcbfe31223bc41ce0084da0f85d4

    • SHA256

      ebaf7a1b66d16ee40cf114f7f49dcf382d4673775f4809e1f79eb37d989e055d

    • SHA512

      fd15da500d73b22beae5d6a77b46fd4be85a6c55fc0c75495e32ea8a11255739fcd29e8be1a6c4a36f0093061d45a63ba3ed645a5b76a192df1af6333c0460e3

    Score
    10/10
    icedid976968029bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks