General

  • Target

    PW_Invoice-trappings_adv-82894_ISO.zip

  • Size

    58KB

  • Sample

    221018-ymhdeseacp

  • MD5

    c1e58847de3f3591bf339ca5cada8f25

  • SHA1

    f063870a5df4dc5ef7e31883d8177b0d840e2d00

  • SHA256

    9dd98d9003151d92d8b5d39b135a51a0e4ca8e2ad43e6cffc666c2c6dc8570e9

  • SHA512

    c3468eec0222e526be424ec9fd30e3c134e336bbb9c2bee1a45580907a0466a289a2af242cc12ce4c37780fa0698a403082a6e5247d766d4778e8bb315f7b0d7

  • SSDEEP

    1536:Vykh43ngzcfzxirtYlV6ivXciAWqEQ5sP:QQtzegrtYlV6wXciAWs5A

Malware Config

Extracted

Family

icedid

Campaign

4182817597

C2

salimjizita.com

Targets

    • Target

      Invoice-trappings_adv-82894_ISO/Document.lnk

    • Size

      1KB

    • MD5

      5fb8ac4155c738d146afc2fca775a0b3

    • SHA1

      768f44029c7a77d534cdd44fc18f85c834c61316

    • SHA256

      bb9f93e0450d2e57ea55a6cc8042d5f47478c9bc80636824edb0d813043da758

    • SHA512

      838fd2b5f5cd3ddecd34fe60e57216dd54366e0f76d65006e568c7e298fab128bdc35973ecddacf32303533db3d771949f971cb5bcbf8b91b0977965a1826dfa

    • Score

      3/10

    • Target

      Invoice-trappings_adv-82894_ISO/cabjawbitsly/fellowshipping.dat

    • Size

      127KB

    • MD5

      b116a4f4f1f11921e4116e72ecc776e9

    • SHA1

      0fe7b18f045befc64e43ef6c5f0a684e6471549a

    • SHA256

      403e04507ba3e5a2db7b85bae0b4d4c3588bfffa4fbcdd2bf7e29c68a2543dc3

    • SHA512

      255a8c4c81404b1ae4e56d63fc872e6426a40e62736ee48f760f0e92fa75221945bb24bd820aaaf0c7bd51bbb816b3c523126ebe17965c214d1e7a54549f4bc2

    • SSDEEP

      1536:fXBU4lRA49aRkLM0CU/WuYBlukta0pooMo67L4j9H1AXcbcAfZ4BWIJ+lcNMy:PBU4lp9KkL7CiJkEro670j9H1hcwy

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a modular banking trojan that steals credentials and is also used as a loader for follow-on payloads; the config extracted above (campaign ID and C2 domain) comes from this family's embedded configuration.

    • Blocklisted process makes network request

    • Target

      Invoice-trappings_adv-82894_ISO/cabjawbitsly/wastingworship.bat

    • Size

      1KB

    • MD5

      1a671814b904c65f53ff5387809e3dcd

    • SHA1

      51350700c96692350fa617fdadd86c3baca71235

    • SHA256

      549c27abc5ce277069a10219eac6c7550926041a678a8d54fc8c55fd7cc7de10

    • SHA512

      03b24d14e495df2db27bd2d8e7c80da007cbb8c2b1a7e13ba4829d6cb6eac68a338c6f72f363b3f90a194f82893bb204b5eeaadcfe336fbefc4bb1dee3571d4a

    • Score

      1/10
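
The archive above drops a one-kilobyte Document.lnk next to a .bat and a .dat, which is the usual ISO/zip-shortcut chain: the shortcut is what the user double-clicks, so the first triage question is what it launches. The report does not show the shortcut's contents, so the parser below is an added example (not code from the sandbox or from the IcedID operators): it reads the MS-SHLLINK header, skips the IDList and LinkInfo blocks, and pulls out the StringData fields (relative path, working directory, arguments, icon) plus the ShowCommand, then applies a few dropper heuristics. SAMPLE_LNK is constructed here by build_lnk() with hypothetical names; it is not the real Document.lnk.

```python
"""Parse Windows Shell Link (.lnk) files for triage (MS-SHLLINK).
Added example, not from the sandbox report. SAMPLE_LNK is built by
build_lnk() with hypothetical names; it is NOT the real Document.lnk."""
import re
import struct

HEADER_SIZE = 0x4C
# LinkCLSID 00021401-0000-0000-C000-000000000046 as laid out on disk
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags (MS-SHLLINK 2.1.1), low byte
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80

# StringData sections appear in this fixed order when their flag is set
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))

SW_SHOWMINNOACTIVE = 7  # ShowCommand droppers use so no window is visible
LOLBINS = ("cmd", "rundll32", "regsvr32", "powershell", "mshta", "wscript", "cscript")


def _read_string(data, off, unicode):
    """Read one StringData entry: u16 CountCharacters, then the characters."""
    (count,) = struct.unpack_from("<H", data, off)
    off += 2
    width = 2 if unicode else 1
    raw = data[off:off + count * width]
    if len(raw) != count * width:
        raise ValueError("truncated StringData")
    text = raw.decode("utf-16-le") if unicode else raw.decode("cp1252", "replace")
    return text, off + count * width


def parse_lnk(data):
    """Return ShowCommand plus every StringData field present in the .lnk."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    (show_cmd,) = struct.unpack_from("<I", data, 0x3C)  # ShowCommand offset
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:  # skip IDList: u16 size, then items
        (size,) = struct.unpack_from("<H", data, off)
        off += 2 + size
    if flags & HAS_LINK_INFO:  # skip LinkInfo: u32 size that includes itself
        (size,) = struct.unpack_from("<I", data, off)
        off += size
    info = {"show_command": show_cmd}
    for flag, key in STRING_FIELDS:
        if flags & flag:
            info[key], off = _read_string(data, off, bool(flags & IS_UNICODE))
    return info


def suspicious_indicators(info):
    """Cheap dropper heuristics over the parsed fields; returns reason strings."""
    reasons = []
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("window hidden (ShowCommand=7)")
    launch = (info.get("relative_path", "") + " " + info.get("arguments", "")).lower()
    reasons += [f"launches {b}" for b in LOLBINS if b in launch]
    m = re.search(r"\.(bat|cmd|vbs|js|hta|dat|dll)\b", launch)
    if m:
        reasons.append(f"references .{m.group(1)} file")
    icon = info.get("icon_location", "").lower()
    if icon.endswith(("shell32.dll", "imageres.dll")) or re.search(r"\.(pdf|docx?|xlsx?)$", icon):
        reasons.append("borrowed document/system icon")
    return reasons


def build_lnk(relative_path, working_dir, arguments, icon,
              show_cmd=SW_SHOWMINNOACTIVE, unicode=True, idlist=None):
    """Assemble a minimal .lnk (header, optional IDList, StringData) as test input."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | HAS_ICON_LOCATION
    flags |= IS_UNICODE if unicode else 0
    flags |= HAS_LINK_TARGET_ID_LIST if idlist is not None else 0
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LNK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, show_cmd, 0, 0, 0, 0)
    body = struct.pack("<H", len(idlist)) + idlist if idlist is not None else b""
    codec = "utf-16-le" if unicode else "cp1252"
    for s in (relative_path, working_dir, arguments, icon):
        body += struct.pack("<H", len(s)) + s.encode(codec)
    return header + body


# Constructed sample (hypothetical names): hidden cmd.exe running a .bat from a
# subfolder, icon borrowed from imageres.dll, empty IDList (TerminalID only).
SAMPLE_LNK = build_lnk(
    relative_path="..\\..\\Windows\\System32\\cmd.exe",
    working_dir=".",
    arguments='/c start /min "" "payload\\launcher.bat"',
    icon="%SystemRoot%\\System32\\imageres.dll",
    idlist=b"\x00\x00",
)

if __name__ == "__main__":
    parsed = parse_lnk(SAMPLE_LNK)
    for key, value in parsed.items():
        print(f"{key:14} {value}")
    print("indicators:", ", ".join(suspicious_indicators(parsed)))
```

Run it on the real shortcut with `parse_lnk(open("Document.lnk", "rb").read())`. The StringData fields are the quick win, but a dropper may leave them empty and put the target only in the IDList or LinkInfo, which this parser skips; if relative_path and arguments come back empty, decode those structures (or inspect the trailing ExtraData, which often carries the author's machine ID and NetBIOS name) before concluding the shortcut is benign.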

MITRE ATT&CK Enterprise v6

Tasks