Overview

overview

10

Static

static

scan-eff31...5e.iso

windows7-x64

3

scan-eff31...5e.iso

windows10-2004-x64

3

f9278b9d-7...53.dll

windows7-x64

1

f9278b9d-7...53.dll

windows10-2004-x64

1

fcdb70d3-d...6f.png

windows7-x64

3

fcdb70d3-d...6f.png

windows10-2004-x64

3

scan-eff31...5e.lnk

windows7-x64

10

scan-eff31...5e.lnk

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    scan-eff31ce0-a3c0-46d8-908b-4e425511445e.iso

  • Size

    1.8MB

  • Sample

    221005-nts4dsedfq

  • MD5

    49cb92069329966ee14e23851815e76f

  • SHA1

    ed63bc4da31c45ffe6837469de93fe118650f379

  • SHA256

    1d02432059afe64ed39c002baf0d448d8fa9ae4c694ebc79e7c317cf606e3a67

  • SHA512

    03110ebb6a7f872f118bcb3e6a9686bf18835ac50fbc50b9d034c2fe37089479e2c0dc8677d773cc9f08fd93af44ba9f19e3ac95bb9c5e0b2bfc7af380e21b3e

  • SSDEEP

    24576:h9WSyuKcpkgS/lmowAm/AzMiBJ9VuHfpv/2qcg0MeBTDG5h/rDBClNEeTn:h9pyTfBwAACGZDdKS/r1CYeTn

Score
10/10
icedid140125615bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

140125615

C2

fireskupigar.com

Targets

    • Target

      scan-eff31ce0-a3c0-46d8-908b-4e425511445e.iso

    • Size

      1.8MB

    • MD5

      49cb92069329966ee14e23851815e76f

    • SHA1

      ed63bc4da31c45ffe6837469de93fe118650f379

    • SHA256

      1d02432059afe64ed39c002baf0d448d8fa9ae4c694ebc79e7c317cf606e3a67

    • SHA512

      03110ebb6a7f872f118bcb3e6a9686bf18835ac50fbc50b9d034c2fe37089479e2c0dc8677d773cc9f08fd93af44ba9f19e3ac95bb9c5e0b2bfc7af380e21b3e

    • SSDEEP

      24576:h9WSyuKcpkgS/lmowAm/AzMiBJ9VuHfpv/2qcg0MeBTDG5h/rDBClNEeTn:h9pyTfBwAACGZDdKS/r1CYeTn

    Score
    3/10
    behavioral1behavioral2

    • Target

      f9278b9d-76e2-4906-a05d-e32838817e53.ns7

    • Size

      479KB

    • MD5

      15e420d8b850cfb0f1b633ad14ff3dc3

    • SHA1

      ebfda76df1208ecc350a52c7e7edc8dd74031a12

    • SHA256

      48674f756f91f1a71bdf0daceb298267053e437a84fe04ec2f7274f7f23df04f

    • SHA512

      49b4247b9081d41d7624ffa965496509e0a8af95e084c5b2943bf2dbc5162fd23dfc90e2115d4a71a258e470a81d1173eaf08bee85367931971033102b74ad3c

    • SSDEEP

      6144:mLT9EzfOHtyKDRZFLincnzifwl1nKcpE+F6SpmfSJOea/89X7VLFdmlD20m9x:mLxEzfKyyv4SnKcpzXFI20q

    Score
    1/10
    behavioral3behavioral4

    • Target

      fcdb70d3-d57c-4d59-8fdc-0fb92d849a6f.png

    • Size

      961KB

    • MD5

      e8345d39ba692762d3a4e6e33f3fc3a4

    • SHA1

      a76bbedaf5e3a9b56fbc63c08907a514ec07bb08

    • SHA256

      25ed47c20973c4257f118d401f74051f68477a0adc3acf6f9fc6a686ea35ff53

    • SHA512

      d870c06a6b570c1b0fab9cbda01d035a4378eedd6a10041909c6e92b28e8ed76b0cf9e34eb450c09ba7a939b6e93cb11f70ee66281a6ecba3a3b641ec389881d

    • SSDEEP

      24576:rS/lmowAm/AzMiBJ9VuHfpv/2qcg0MeBTDG5h/rDBClNEeTnZ:oBwAACGZDdKS/r1CYeTnZ

    Score
    3/10
    behavioral5behavioral6

    • Target

      scan-eff31ce0-a3c0-46d8-908b-4e425511445e.lnk

    • Size

      1KB

    • MD5

      8ff28dca0999e8569056509466709056

    • SHA1

      7c035f7f672e4710e2cd56ceca55e8a380668342

    • SHA256

      2b5bf9ed72e3456aa25a0c70166b18a1ea29c7b203b11fdc6a316b7b2658e786

    • SHA512

      ecff57c3b2ea3eec5263f0a6a659f5f85e5caacd09002ad2c8cb716ca4a9a506d9a45e676c864a9a5088010a1e298302200cc1e5ae41958857e4eda25ffb1f63

    Score
    10/10
    icedid140125615bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

4
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks