Overview

overview

10

Static

static

Odwikp.dll

windows7-x64

10

Odwikp.dll

windows10-2004-x64

10

Unpaid_394...1.html

windows7-x64

1

Unpaid_394...1.html

windows10-2004-x64

1

document_3...ta.lnk

windows7-x64

3

document_3...ta.lnk

windows10-2004-x64

3

document_3...ed.bat

windows7-x64

1

document_3...ed.bat

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2022-10-31-malware-and-artifacts-from-IcedID-infection.zip

  • Size

    1.4MB

  • Sample

    221108-wbp8sacafr

  • MD5

    269a6c866d215f2e076558c0a5e07c15

  • SHA1

    c61f8c3fc4ab3eefba6c011b553457a16b2bda03

  • SHA256

    0c379e7f59e89605eb70890dfeeb564ac64461fc8911031f15cbf5c4ace639e5

  • SHA512

    971b5359657a45139619b97e8fe4dc7bb83a8fc0744472e2700f4a3e733422003f5e8ea21fdba4b6735d1acd848e1484f7be0b4624375d99e762b852b19d19d8

  • SSDEEP

    24576:fvg8ia70j8/Czvte5KdBcZxtb8VHcAJcg9UjJNPhL3DhUtfYJDfpB0S1tuAfo70s:f48GY6zv45KsZXTI2J7mQdxWS1YAgPtL

Score
10/10
icedid3919082043bankercore_loadertrojan

Malware Config

Extracted

Family

icedid

Botnet

3919082043

C2

pipsolik.art

correctinomind.com
Attributes
  • auth_var

    5

  • url_path

    /news/

Targets

    • Target

      Odwikp.dll

    • Size

      193KB

    • MD5

      f57ab2e5e5720572d5eb19010ec8dcb4

    • SHA1

      205a4c490c6293fdc5f5452b7a55337683f6299b

    • SHA256

      ff3be9c287431fec953681fd50c96632cefaa164a00ab84dcecd1a817537777e

    • SHA512

      10fadbc3ccfb1a4c8d4340815f325b3ffb73e3c9d095fb79ef9a3714ae5cd3f5cc47e2aadfd1115c32356e51187e4b445b9afa8fa4d63c2c76d49fe956bcf6f6

    • SSDEEP

      3072:kOdKwpWWgBMHj1+wUoV6Nh4Gs/MDfIHVbz6Ju5Od5:kp2dgKHj1+w24RoJfd

    Score
    10/10
    icedid3919082043bankercore_loadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral1behavioral2

    • Target

      Unpaid_3945_Oct31.html

    • Size

      245KB

    • MD5

      972114244ef633551cd0eac54e17f144

    • SHA1

      17806b97e908d7ab562e49a6a3583132abee5706

    • SHA256

      eca3ef27738569bbd0d4b577da6848068769e8164d7b3276c4867f3343a8c948

    • SHA512

      1a2ad13c88839b436ac83ac3a7cd5d6d82af5ed35c8739c627b6bf33c63e9331665fd4e2c3d6238692c23c70718bcad89f21603b0c40e259d222c7bc299d2b4d

    • SSDEEP

      6144:QVSATLIqgaQHpV3kvjSem3N/DkSf3Yx1VJSxt+ooYum:ADTLyOjoAK3Yx3JSxcY3

    Score
    1/10
    behavioral3behavioral4

    • Target

      document_3_Oct31.iso.contents/Data.lnk

    • Size

      1KB

    • MD5

      de50e182119825486e99a95372d271d4

    • SHA1

      02910fdd2c5bf6a0c5abcbbe15104e91a6a62f80

    • SHA256

      d2d2bda70687d4c070e06c44008880d1f52859f0e3bca67853978221799d6cbc

    • SHA512

      661c54eae16d89f8e16c3bb860596a4b3dd97042119e316fb327effb1d836dd5af7373c7425211ea82e18f160f55266567e03ee13682e88911092b40923037ea

    Score
    3/10
    behavioral5behavioral6

    • Target

      document_3_Oct31.iso.contents/ribfaymasnot/chickenrelaxed.bat

    • Size

      1KB

    • MD5

      828b1399a4a4ed0982be3def3ac1b9ca

    • SHA1

      5929cbf6381665b40207e11c009aefae2d215cb1

    • SHA256

      0d64fb2cd5cce8f8e8a9ac1c311d1867ec1dadb7622a3bc5e930d1c7063ae62e

    • SHA512

      ba142ad12943295363436b2881089318a104a0b5e18c7fffbc52301aa2b5486ad026dadee86f0a242fa19e59d706402557be4d4a48a1f9e2f1dccfcd3bc88833

    Score
    1/10
    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks