General

  • Target

    Invoi_PDF#2092.iso

  • Size

    1MB

  • Sample

    221002-stk51adhdn

  • MD5

    4fbb948db5431bffabfb1acd743a52f4

  • SHA1

    3ae2779c2ab2a9b7d1a1b62e5583f0f9077a4420

  • SHA256

    98761de8cb4e91079b0c34a1e5558dba347d976fc0ab0250a9f66ad706a93db9

  • SHA512

    784ac4391b442ce160c521cc7c49b844242602ad3fff118cf02c4a0f3c2545470a89866e07a4fb0047adbf70ed599cd28e1bb4482de181510d23ec1f71ab76ee

Malware Config

Extracted

Family

icedid

Campaign

3228182693

C2

tezycronam.com

Targets

    • Target

      Invoi_PDF#2092.iso

    Score
    3/10
    • Target

      Invoi_PDF.lnk

    • Size

      1KB

    • MD5

      1e96f1218d05f15180dddbb97a276067

    • SHA1

      0f41fedec8f6a4171b539129e525df7cf5f8963a

    • SHA256

      4ad89eaa612f531842e4db4880f4d74316f24bd3b44616558c632acaf44b7d39

    • SHA512

      c8def8d97382d0be000186e88a16610b2ff92b187078277d887c5a2fedaea1ee6d5863cfb182737aa07ad769baa4b602219e007d6822f013f1c570e8cd68588a

    Score
    3/10
    • Target

      cadets/fidgetingPawnshop.cmd

    • Size

      65B

    • MD5

      002ea214c8edaa96a9811394fc5af03e

    • SHA1

      03fb9fdf99a2a35264bf7fea04bc56cf945fec32

    • SHA256

      00353fbe7f57882e05de635bafc7794e808bf6719bbb01086f52cd69ce10c86b

    • SHA512

      6b527cbdad7b53b3e8f77ee967174c7a16c2484d679d07751b87b71f548464c04e94cff3cf9adca2a4cb406ee37c4ad81a569369c14548d067ceb4014b03866f

    Score
    1/10
    • Target

      cadets/inclines.txt

    • Size

      139KB

    • MD5

      a3e638e6b7f398fb281c8df9dd1fd5ee

    • SHA1

      37160d364d9b5fa68309b9a97b0d3a5f52a9ccc3

    • SHA256

      3d08706db42782f55412105272e366f9f555cab94af6b5c5881601dfd4fb9d13

    • SHA512

      c9490cb86115b2a1d69b29a840605a858a3bdf5061446f1e5a26fc4ba514247792c82f469fb1f250e6a33130ea6def5b4498785006659553397c15dcc73be287

    Score
    1/10
    • Target

      cadets/kidskinHandily.js

    • Size

      201B

    • MD5

      930afbe6bee84ea6886d6b1d311c7a8d

    • SHA1

      748dc6de6d1de416791b99ba4557170412dd46cf

    • SHA256

      75b6486d61516e155fc793a3f5b8f1ae3ff99dee8f8990f982fb7df6a1ba6b19

    • SHA512

      76ed7eaa717f5af51d99cc4204d37ad43704ff1cc79b2566514da2dbf68396526c38b319a5027254bdf5dc5e869a047f15ef2ce238e22d63562b9c4e55bfe819

    Score
    1/10
    • Target

      cadets/located.png

    • Size

      26KB

    • MD5

      d7562d488b392aa85e0c90d924d5f3e0

    • SHA1

      490fb61ad54a9486e04b230bafc03ec3d2b5f06a

    • SHA256

      95a8db1d63b2212d59602c0c908de9bb67f21ea567e97a10d7e9c53e64f88670

    • SHA512

      cbb24b0721f91dd64d9c54404fa568f5774d65ef0602b5bcdb7eff0bdd99834d52b61d8bf2c162c5e85d3da4b1d29bd8e745ff1c83a635d030308189b1a3770e

    Score
    3/10
    • Target

      cadets/obtaining.txt

    • Size

      162KB

    • MD5

      243d3e3702033ad37f46d10121a45cfe

    • SHA1

      ea281a5056787e23b4559a24344f50ae7b32ca30

    • SHA256

      50a58c8736d08dbef76d1ca22761a3ccadd9250c75ccf0235ea4b854ed467045

    • SHA512

      28b4e88bd1aa8c594edb4b4a437f886c046241a4780ab922a8c406d743656970d5dd724bcfd6312bb7e003f6de9854a6e1da191f956bdff6e7def6127f026c83

    Score
    1/10
    • Target

      cadets/oiliness.txt

    • Size

      170KB

    • MD5

      e4ae734495ad84dd9c71df1e7d343583

    • SHA1

      98eebec1763de7b5ce9c6d8a8612f41d7d517b5e

    • SHA256

      8fb2d6f268d52a89dde667c606349e8b3ba2fa9b544534a62a6cd8e62c098550

    • SHA512

      726cb790cfccfbbba36c19ff51d4c1ca4bee94d744a97637d0b86e594223b36b3a7114f0e2676022961c98f688ede43d171957ecd1fa0ff19e372d461a63bd09

    Score
    1/10
    • Target

      cadets/perpendicularly.txt

    • Size

      162KB

    • MD5

      5951428465e51098f54f40be08c89954

    • SHA1

      0619323deb9b9d1792a6b44e39d44ce964a1c384

    • SHA256

      d0d2615d7f163f7f48fe5fb6181e78894e92706444c11391be15d46c3799ed62

    • SHA512

      7a41f6859175740bbb27553eeb0fe08418929e91dd44f000bbff57acc747fc3ecccf8102619f253b9ef0ae96d1488d674709ddda22ca8e46382d639bf2ef95fa

    Score
    1/10
    • Target

      cadets/placeable.png

    • Size

      8KB

    • MD5

      48e0c25fbb3470df1eb11bc719f520eb

    • SHA1

      f4fb32021c08be6ba9353d64c7dfe50ea971b0ac

    • SHA256

      9f01c01d6ba9ca30ea726906ba83db16da37d8dcf727baa8ed7494634ea1043e

    • SHA512

      984c221e8876ef6fd951e27d600e11118bef283b55351e74449f0deb884f3cbcdc0ff6c0a0456519f1210aa2fd11329b7116f78470af916dc1e97ec1c28cd2bc

    Score
    3/10
    • Target

      cadets/possibilities.db

    • Size

      476KB

    • MD5

      d4250398ad351bbde21d0b9acd4c6f12

    • SHA1

      a6b204bc1dda01d0bad2423d1ca527388dc5b579

    • SHA256

      3d271140429827ae54c9261a68dd73ce9a7def6257168b534ec367e5df160bda

    • SHA512

      298b6d30ddf97def2e5ae0a0bf09dade093c99e64e261004a23d9a47376a0a7ae7beaef44b399cf33946cf820329cd9a1adcd958a8c950cfd2f926b73dfe6dc4

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Target

      cadets/suggested.png

    • Size

      51KB

    • MD5

      5c2c9e80acd906058f336a44f8920a42

    • SHA1

      7a55aed6188219faef1ac8095b239b0195237c1a

    • SHA256

      8665404e4cf192187f17527031475ad583424960eb4723422383f7dca631f836

    • SHA512

      12fa189d2a23897714e7f538f12d7a62f0ab0f75ce10e14d922ba0d3448c8f25a1ba129ba51618583b90e719f24e5bb5990463664ac7f073348dc6404f11d019

    Score
    3/10
    • Target

      cadets/teensy.txt

    • Size

      192KB

    • MD5

      91dcfc81b6afe9d8222f142af378bad1

    • SHA1

      6e592f144d66d267b3ef4076f30503662c191cd8

    • SHA256

      c72b485d6f09a322acbd1789ef3c445f205e9e814bfde822df66a37e173cb519

    • SHA512

      feb776dcdb1c1cdd42dc4bf87cbe0786c3c2f8ee77215bb6175fbc48dcb59c1cec8eed7b1834f96aa22440f2f8642ed4009db9858224e6e59d69bde7a5f81fde

    Score
    1/10

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation