Overview

overview

10

Static

static

Invoice_PDF#3710.iso

windows10-2004-x64

3

5486/4164.wsf

windows10-2004-x64

1

5486/6363.cmd

windows10-2004-x64

1

5486/react.dll

windows10-2004-x64

10

Invoice_PDF.lnk

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Invoice_PDF#3710.iso

  • Size

    594KB

  • Sample

    221005-tbnnvafadp

  • MD5

    e081497ab7cd3da2645a1739b94f3045

  • SHA1

    8bff068f94f3aa1fd8298f7bccc48c8b7bb89be4

  • SHA256

    e47274291e0862ad3e1d34ee6f87d4c2cf1830621d4a20f61207bcac8c41a431

  • SHA512

    70eae6309b6e41becf870932fea8d028fabd282eae9fdf4f04a9d5427bb73979730859df5ee1e68e2bfb9842a4bba4db3d8cb0b6d7d7814b6feb8860d9a835a9

  • SSDEEP

    6144:YkaY+79+lSS5lrtyWz2RcnzEecili1nKcp4dbcYY7Dq79Yfw7CFwn/C6m3EyBTlQ:YZY+5CyWz2JnKcp49nUwn/yf4

Score
10/10
icedid2348925224bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2348925224

C2

fireskupigar.com

Targets

    • Target

      Invoice_PDF#3710.iso

    • Size

      594KB

    • MD5

      e081497ab7cd3da2645a1739b94f3045

    • SHA1

      8bff068f94f3aa1fd8298f7bccc48c8b7bb89be4

    • SHA256

      e47274291e0862ad3e1d34ee6f87d4c2cf1830621d4a20f61207bcac8c41a431

    • SHA512

      70eae6309b6e41becf870932fea8d028fabd282eae9fdf4f04a9d5427bb73979730859df5ee1e68e2bfb9842a4bba4db3d8cb0b6d7d7814b6feb8860d9a835a9

    • SSDEEP

      6144:YkaY+79+lSS5lrtyWz2RcnzEecili1nKcp4dbcYY7Dq79Yfw7CFwn/C6m3EyBTlQ:YZY+5CyWz2JnKcp49nUwn/yf4

    Score
    3/10
    behavioral1

    • Target

      5486/4164.wsf

    • Size

      492B

    • MD5

      48e32bf41ae100c375795a3efb79cc38

    • SHA1

      a100525a27fdec43268a3af82521474fec34f886

    • SHA256

      be00ecb33a816545d8b65aa677f2b9c09a3056ae1638f39f96101931267b5ef2

    • SHA512

      c4f0c9b77924778a49516d0896c163261ea8b941dcb860d4d8afd71cb2e535cbbb086a9d5250bd1f6f3cec0e8092ad162da485fe713e98e4ba76db9ab23b4565

    Score
    1/10
    behavioral2

    • Target

      5486/6363.cmd

    • Size

      166B

    • MD5

      6ec1f31f3dbbc13727c80f9dc394da5f

    • SHA1

      183d51fd30eb61bf7c2606a32b3c73775279269c

    • SHA256

      3180cc4d4817408dc2be977806c7769e28ac18f4c8d0c6008e6cc18c975fa352

    • SHA512

      59d54e2779a33f1b015dd0d31163875daf067f43890395402eb905955c490ee522b8e497135bc452dc1f554c8108a754c1499aa04ee037f1d7bd79df003a2ffa

    Score
    1/10
    behavioral3

    • Target

      5486/react.dat

    • Size

      479KB

    • MD5

      e1cce7870de028737160dd60cab38de3

    • SHA1

      36fc110c770ea382c136826c2749e7468ace21c2

    • SHA256

      c391de9c26528d9cc5f9093a0c5d0b4866418d427235c89fd3f4bb316e39ed85

    • SHA512

      b31f8ae84ffbc8c19be087ff911325bbf306113197c6adf91d78b3d9ccfc8b833e139f315e9274e018858734f24fad7fc7a0442f9278709ed0f2e684eeef0d0e

    • SSDEEP

      6144:ykaY+79+lSS5lrtyWz2RcnzEecili1nKcp4dbcYY7Dq79Yfw7CFwn/C6m39:yZY+5CyWz2JnKcp49nUwne

    Score
    10/10
    icedid2348925224bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral4

    • Target

      Invoice_PDF.lnk

    • Size

      1KB

    • MD5

      9a5bb1413fdca2ea00b60e9ecfc858ad

    • SHA1

      6afc3921d09385534d29088bf7068478b05660c5

    • SHA256

      e5337edfba7749932626dbe8bb195506b2983c617d77d577fd73bd77f1428e09

    • SHA512

      07f6bba16ed0943f3677e5233895655f5a4a6be39585925be2a7a4f4608d6ee4e4d509db79362f93edb08fa1ff62eab0702495f5a64f972c8291013eb3576ff6

    Score
    3/10
    behavioral5

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks