Overview

overview

10

Static

static

scan-51ea5...1d.lnk

windows7-x64

10

scan-51ea5...1d.lnk

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    scan-51ea58dd-5b6a-4f56-9717-b102df29341d.iso

  • Size

    2.0MB

  • Sample

    220930-ybwfxafecq

  • MD5

    cd5eb557d582fcacd62fd2b3f9de6c63

  • SHA1

    b2b2ccf95331ce8aa7e6419f8378cb374691b937

  • SHA256

    6bcf0863d6b7c82ddc423accb4fe5582aee8a8cc54549b939c2443c6d3386ed3

  • SHA512

    77037e078f5f6b55b6c281277e3d6b24f085ee686487cba88677f41827352a79165c1c10534e8565fdb9a6bd67dc739aab63411170f6deb7259814ccc7da68dc

  • SSDEEP

    24576:f2hibeYffCX/M9ldDEtz+7053V3zS7YZkF/LZLY+/gfdLY2H:ehynfCXEfdDAl5VYVK

Score
10/10
icedid976968029bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

976968029

C2

triskawilko.com

Targets

    • Target

      scan-51ea58dd-5b6a-4f56-9717-b102df29341d.lnk

    • Size

      1KB

    • MD5

      87e7e9a47ce80f3e08c9f68b903a92fa

    • SHA1

      b529db83c6c9ed87874139b2c26dd98010a08716

    • SHA256

      327ca4b52987166a7c70153317423d47ea8682f7a1930ee5c9d85a5085070a7a

    • SHA512

      407aacaca065d82091bceeae8388bc6043f16eda7c19286312615caedcf3db10cc3a831ac324c6592b4c31d4b5d9fd50d60f385ed4da5de4debc84b81c683222

    Score
    10/10
    icedid976968029bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks