General

  • Target

    demoscan-c49db520-dd57-4417-85a5-8dcf20de5330.iso

  • Size

    1MB

  • Sample

    221004-jjnnpsabak

  • MD5

    09c683ef9df673428ecd0cf0b5054a3a

  • SHA1

    acb1fd4f20cf0537d1323068f6b58c155c736738

  • SHA256

    7aef84a0b5c87ada2445435121ce4222d59cd82888484e45476e26ff855de4e6

  • SHA512

    4fbccb6ea4f14adef93493efd3177bed14d6e05e3fdda1f72735b166ecebed7955f05fb9b5f0386dcdc39dc5bfe6bb8850b6071fe3d9d5494223fe1302bdc822

  • SSDEEP

    24576:GdxrPWjUb7LRC+aqp1TXhlELmgnCRaayhH2reN7n/x0BCpLU6892N6o10:GdxrOjQs+ZpSCgnC1wvNz7pLNN69

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    976968029

  • C2

    triskawilko.com

Targets

    • Target

      demoscan-c49db520-dd57-4417-85a5-8dcf20de5330.lnk

    • Size

      1KB

    • MD5

      8ca36e9fdc991883f27d51a0e82db255

    • SHA1

      2cea6364d7592fd2d5ddc67ae6ec8caf08fb0cfb

    • SHA256

      be55bf499476985669eb72638cce8015ff6f0e70ceb8f7eb21ef30100bef0a1e

    • SHA512

      a0a57abab720f94b1d377954b1b3baaadfbebb9f97f1df76c2195fa887809014784653f6bbd0fd5b9db06cfb0a638b53663ebb981f4e35a31308dfffa92e4529

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.
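The executed target on this page is the .lnk inside the ISO, so the first triage step is to read the link's target path and arguments without ever clicking it. The parser below is an added example written for this page, not tooling from the sandbox; it follows the MS-SHLLINK layout (76-byte ShellLinkHeader, optional LinkTargetIDList and LinkInfo, then the StringData fields in their fixed order). The sample link it parses is constructed by build_lnk in the block and is not the report's .lnk, and the list of suspicious launcher binaries is an assumed triage heuristic rather than something the report states.

```python
import struct

# ShellLinkHeader constants from the MS-SHLLINK specification.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

# LinkFlags bits that decide which optional structures follow the header.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData structures appear in this fixed order when their flag is set.
STRING_DATA = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# Assumed triage heuristic (not from the report): launchers a .lnk shipped inside
# an ISO rarely has a legitimate reason to run.
SUSPICIOUS_TARGETS = {"cmd.exe", "powershell.exe", "rundll32.exe", "regsvr32.exe",
                      "mshta.exe", "wscript.exe", "cscript.exe"}
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that opens the target minimised


def parse_lnk(data: bytes) -> dict:
    """Return ShowCommand and the StringData fields of a shell link."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("missing ShellLinkHeader signature")
    show_command = struct.unpack_from("<I", data, 60)[0]  # offset 60 in the header
    offset = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize (2 bytes) followed by the IDList
        offset += 2 + struct.unpack_from("<H", data, offset)[0]
    if flags & HAS_LINK_INFO:            # LinkInfoSize counts its own 4 bytes
        offset += struct.unpack_from("<I", data, offset)[0]
    fields = {"show_command": show_command}
    for flag, name in STRING_DATA:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, offset)[0]  # CountCharacters
        offset += 2
        if flags & IS_UNICODE:
            raw = data[offset:offset + 2 * count]
            offset += 2 * count
            fields[name] = raw.decode("utf-16-le")
        else:
            raw = data[offset:offset + count]
            offset += count
            fields[name] = raw.decode("cp1252")
    return fields


def triage_lnk(fields: dict) -> list:
    """Flag traits of a parsed link that warrant analyst attention."""
    findings = []
    target = fields.get("relative_path", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if target in SUSPICIOUS_TARGETS:
        findings.append(f"launches {target}")
    if fields.get("arguments"):
        findings.append("carries command-line arguments")
    if fields["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("window opens minimised (SW_SHOWMINNOACTIVE)")
    return findings


def build_lnk(relative_path: str, arguments: str, show_command: int = SW_SHOWMINNOACTIVE) -> bytes:
    """Assemble a minimal Unicode shell link; used here only to construct a sample."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH | HAS_ARGUMENTS
    header = struct.pack("<I16sIIQQQIIIHHII",
                         LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20,          # FileAttributes: FILE_ATTRIBUTE_ARCHIVE
                         0, 0, 0,       # Creation/Access/Write FILETIMEs
                         0, 0,          # FileSize, IconIndex
                         show_command, 0, 0, 0, 0)  # ShowCommand, HotKey, Reserved1..3
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments))
    return header + body


# Constructed sample, not the report's .lnk: a relative path to cmd.exe plus a
# harmless argument string.
SAMPLE_LNK = build_lnk(r"..\..\..\Windows\System32\cmd.exe", "/c echo constructed-sample")

if __name__ == "__main__":
    parsed = parse_lnk(SAMPLE_LNK)
    for key, value in parsed.items():
        print(f"{key}: {value}")
    print("findings:", triage_lnk(parsed))
```

To run it on a real link, read the file in binary mode and pass the bytes to parse_lnk; the ExtraData blocks after the strings (where the machine ID and tracker data live) are deliberately not parsed here.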

MITRE ATT&CK Matrix

  Tactic columns shown: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no technique entries are listed under any column).
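The two behavioural signatures in the Targets section, a registry lookup of the configured country code and a network request from a blocklisted process, are more useful together than apart: a process that reads the GeoID and then contacts the extracted C2 is a strong geofence-then-beacon pattern. The detection below is an added example for this page, not the sandbox's own rule logic. It assumes a Procmon-style CSV export with the default seven columns, assumes the lookup reads HKCU\Control Panel\International\Geo\Nation or LocaleName (the report only says "country code configured in the registry"), and runs over constructed log lines whose process names, PIDs and timestamps are invented; only the C2 domain comes from the report.

```python
import csv
import io

# Assumed registry values a geofence check would read (the report does not name the key).
GEO_KEYS = {
    r"HKCU\Control Panel\International\Geo\Nation",
    r"HKCU\Control Panel\International\LocaleName",
}
# Assumed allowlist of processes that legitimately read locale settings.
LOCALE_READERS_ALLOWLIST = {"explorer.exe", "svchost.exe", "searchhost.exe"}

# Constructed Procmon-style export (column set assumed; events invented for the example).
SAMPLE_LOG = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0000001","explorer.exe","1234","RegQueryValue","HKCU\\Control Panel\\International\\Geo\\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:00:02.0000002","rundll32.exe","4242","RegQueryValue","HKCU\\Control Panel\\International\\Geo\\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:00:02.5000000","rundll32.exe","4242","RegQueryValue","HKCU\\Control Panel\\International\\LocaleName","SUCCESS","Type: REG_SZ, Length: 12, Data: en-US"
"10:00:03.0000003","rundll32.exe","4242","TCP Connect","DESKTOP-1:49812 -> triskawilko.com:https","SUCCESS","Length: 0, mss: 1460"
"10:00:04.0000004","svchost.exe","900","TCP Connect","DESKTOP-1:49813 -> update.example.net:https","SUCCESS","Length: 0, mss: 1460"
"""


def parse_rows(csv_text: str) -> list:
    """Parse the CSV export into a list of dicts keyed by column header."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def geofence_lookups(rows: list) -> dict:
    """Map (process, pid) to the index of its first GeoID/locale read, skipping the allowlist."""
    first = {}
    for i, row in enumerate(rows):
        if row["Operation"] != "RegQueryValue" or row["Path"] not in GEO_KEYS:
            continue
        if row["Process Name"].lower() in LOCALE_READERS_ALLOWLIST:
            continue
        first.setdefault((row["Process Name"], int(row["PID"])), i)
    return first


def c2_connections(rows: list, c2_hosts: set) -> list:
    """(process, pid, index, host) for each TCP Connect whose destination is a known C2."""
    hits = []
    for i, row in enumerate(rows):
        if row["Operation"] != "TCP Connect":
            continue
        # Procmon renders the path as "src:port -> dst:port"; keep the destination host.
        dest = row["Path"].split(" -> ", 1)[-1].rsplit(":", 1)[0].lower()
        if dest in c2_hosts:
            hits.append((row["Process Name"], int(row["PID"]), i, dest))
    return hits


def correlate(csv_text: str, c2_hosts: set) -> list:
    """Alert on processes whose geofence lookup precedes a connection to a C2 host."""
    rows = parse_rows(csv_text)
    geo = geofence_lookups(rows)
    alerts = []
    for name, pid, idx, host in c2_connections(rows, c2_hosts):
        geo_idx = geo.get((name, pid))
        if geo_idx is not None and geo_idx < idx:
            alerts.append({"process": name, "pid": pid, "c2": host,
                           "reason": "GeoID/locale lookup before C2 contact"})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG, {"triskawilko.com"}):
        print(alert)
```

The ordering check (lookup index before connection index) is what separates this from two independent hits; a process that beacons first and reads the locale later is a different, weaker pattern and is left to the single-signal functions.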