Overview

overview

10

Static

static

pss10r.chm

windows7-x64

3

pss10r.chm

windows10-1703-x64

1

run.cmd

windows7-x64

8

run.cmd

windows10-1703-x64

8

ver123.dll

windows7-x64

10

ver123.dll

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document-130722.14903.iso

  • Size

    856KB

  • Sample

    221114-yge14sdb99

  • MD5

    5c68c1770c68361ffd6a1e77252e908b

  • SHA1

    9aea002f87110c468a060fdfb52f2904b78fb398

  • SHA256

    01b06d0edf88424afce8026c8cf914837212e82ab064f966dd45fa6b55882fdb

  • SHA512

    4a22fcbd560dfb8979aaf3295f661116e2e6c7bd89904431cb69db4cbfa516c6a78a28f78342492dc3bf317db3b74bf3dc20a53db290f020d8d9fd8c5c842475

  • SSDEEP

    12288:IQGabxkvqw3BAeH1SkdIyazHhkQxZDT1Tf:IPKwT+eNdTsyQxZDBT

Score
10/10
icedid1609463178bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1609463178

C2

trolspeaksunt.com

Targets

    • Target

      pss10r.chm

    • Size

      392KB

    • MD5

      1ab1fc892f0d73b30b958124d51a1978

    • SHA1

      3c59da8769460ed56bfd31a20d091313d7be9085

    • SHA256

      1868997bb4c11f537882632f9ffbc58e3241417f4cf79fcdc4ae46ddc81a6f57

    • SHA512

      47528cdb195416730d7cd049dbec6eefffd149c082fe737a6b706ed3d360547f22d71882d46c09e741a08bb19b4a2c09891ba4b148604f5425311a1a9eed20b5

    • SSDEEP

      6144:iWDGvSvzMJP0MFNZQFsI5w3IohQsEuzzH1Skh3j/A4FCR4CKK3xhkF:iQGabxkvqw3BAeH1SkdIyazHhkF

    Score
    3/10
    behavioral1behavioral2

    • Target

      run.cmd

    • Size

      159B

    • MD5

      bc2545a660518ef0271bdd6a8be3513c

    • SHA1

      ac0e485fe9101774c61a50d81dec32e174795e08

    • SHA256

      f96ca4d15febe51758689d9c93c5ff06449a67aacc9b619c249dd00f7b65d179

    • SHA512

      6b7dc66814b4a74dd8b39c631f24bef16a98a5ac18bb7e31531c41b54c239a56e1050ed3d7f48c9e7a9da094177bd6930148c08eb4ca937a59ca4eb235fc142a

    Score
    8/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral3behavioral4

    • Target

      ver123.dll

    • Size

      96KB

    • MD5

      d6c6c7e5747aeae222a07770bf22d2c8

    • SHA1

      8c1c899664c82043fe583078ca567667c2c1d328

    • SHA256

      03d1febebc88cd23690ca6885a576916f61d1c9b412d5fb661bbdcdfe9c4a9a0

    • SHA512

      bcb9faad81b7ec7962a0ca832bc790cf953b9adca5e4749c61cc223dcea59684117b7ab1dbd880d383e33abcf5a8ed074f9ef4f0b260744bbc3195577456c32f

    • SSDEEP

      3072:PhsRYxpnZaiZukn6XK1DK+hfN/bfw/5hT:ZxZ2kDKo1TfI

    Score
    10/10
    icedid1609463178bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks