General

  • Target

    attachment.zip

  • Size

    1.1MB

  • Sample

    221004-ssfh5abfep

  • MD5

    36efd5e8462b46456ae79ed51df79d2a

  • SHA1

    97d92bcc113d3dcec34c99a74e451ab8e783e448

  • SHA256

    ac10a9d3bfa9c849e71c29773a6a0514e7168c50e35675f39efe770dd9910c79

  • SHA512

    e3ffe6e9f4ec637e68fcde0376486c8878833ec85c295d6e2715d06b8143d5143a387fa1a953cafebcde86d682281d0507640b365f660c3a6f15e5dea83d3679

  • SSDEEP

    24576:rooAWGEh12o26JQ7dSIU1xU5/H3N8UdqH6D4YkGo5+VAZAxuuX:rooAWGEh1tJs8Cv3NtY6D4Wo5vZ+5X

Malware Config

Extracted

Family

icedid

Campaign

140125615

C2

fireskupigar.com

Targets

    • Target

      scan-8b2bda1b-2536-411b-a1b3-f54ce7e73124.iso

    • Size

      1.8MB

    • MD5

      1379fddaf175543aaa03d14d9b487ba1

    • SHA1

      59b3b8f97b64149064f24563c51c155c258ca9c2

    • SHA256

      d2178b009e4e39ee1a2afbc6b9ffbc7a2e77f47dbbb6618ae5f25ffacd277834

    • SHA512

      a88d0fb1a43b6eb3861c6f319f58a56394a57b572bd95fd03c0d21183f0c52062a8907c71d7407afabe14fabf738ce3fa8c8ff5a68be9533a3b6476a55d6fb8a

    • SSDEEP

      24576:TB3lPrWuXS/SxockV62gDJmw0WrNpEMiHMFEWQWDyuKcpk:dlPrDvxoT6Fmw0WJGM8QQAyT

    • Score

      3/10
    • Target

      3270265e-2684-4dd5-a085-ade5cf0a4a35.fVj

    • Size

      479KB

    • MD5

      ff0659f9c55b7bf3c2571b0ac3336db4

    • SHA1

      a4f5d4eb04ee20ca7537bea06f8b5a40a263f46f

    • SHA256

      a930c4e91e95095ece02d7458c0ebcf911c31e6d82fe53432c5ea121a6cdc930

    • SHA512

      06830cc7b396cbca068a58f8533a8d5c53f80a09221941df3c6388701a3cf567bea8e6d62c3793607ccf648c639d08cc9917a144731796bfc45be040e7b743f3

    • SSDEEP

      6144:jT9EzyOHtyKDRZFLincnzifwl1nKcpE+F6SpmfSJOea/89X7VLFdmlD20m9W:jxEzyKyyv4SnKcpzXFI20p

    • Score

      1/10
    • Target

      scan-8b2bda1b-2536-411b-a1b3-f54ce7e73124.lnk

    • Size

      1KB

    • MD5

      00718d06a456f725b8e021b28f61aad0

    • SHA1

      733a257e57ab16c206bd991c13ee5d9779a179ea

    • SHA256

      afdf46308c8696f9c9e8b1d0b8ab3889b81758506a4e7ab5cc028a5db1599e64

    • SHA512

      c1cbe2ef4e766b16d29a8fa87bad3944560c7307c993f49f12a310e32bc1653a79327d1ef78aebb031dc19d3f2c044301c6178743f491f5f1b87eb69187a8e16

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

3
T1082

Query Registry

1
T1012

Tasks