Overview

overview

10

Static

static

for_you_pr...7b.lnk

windows7-x64

10

for_you_pr...7b.lnk

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    for_you_presentation-1724680a-9d89-40b7-8567-6c8e5dba127b.iso

  • Size

    1.8MB

  • Sample

    221004-vj4wgabhdn

  • MD5

    3f9b0fbca46f3904637f7678f95e4213

  • SHA1

    de4a97b7e1f2432c00134d30804cd5c3949923b6

  • SHA256

    1cb931a7539d1e340975b0b2a95cb37a784ed5f0f910e5bc9050bd73469073e3

  • SHA512

    30012667c44da84d26836a3a338b7f07dc240f3260463c6ad220f3a274c750b02d4ad368e016356f4231d1dce91e99cb537b22a82d3624295086fce7d8f90df7

  • SSDEEP

    24576:E1/ykh+KcpklmNj6nF57+nWg5umaAEyVKbe5aKaaJOa5mk2JZ8EQXA:+yolmNOn77LbPyVYAnaa75mk2JZ8EKA

Score
10/10
icedid140125615bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

140125615

C2

fireskupigar.com

Targets

    • Target

      for_you_presentation-1724680a-9d89-40b7-8567-6c8e5dba127b.lnk

    • Size

      1KB

    • MD5

      ac8170fe645bf52ef0404ca95dced2d3

    • SHA1

      2fc3a8036b60f2ce158364a159ce6f856171da1b

    • SHA256

      d1b1e998906a646d6fed13a7cd45846b07c4e417f0cc5d0e7c76c51f5b2a50ac

    • SHA512

      c9d119d5dc4b82e8a55d761d91d9091c76073ccd59c7b838d1bb2d51a7006165066ad864886e98115153c632bf3842d53ce505c28603563190931b322d5215d7

    Score
    10/10
    icedid140125615bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks