Overview

overview

10

Static

static

pss10r.chm

windows7-x64

3

pss10r.chm

windows10-2004-x64

1

run.cmd

windows7-x64

8

run.cmd

windows10-2004-x64

8

ver123.dll

windows7-x64

10

ver123.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    redacted.document,11.14.22.zip

  • Size

    458KB

  • Sample

    221115-ha681sfc38

  • MD5

    e0082ca22012aaf9d3b33803ea00f7b4

  • SHA1

    53f415023d644d52643bceafbb47aff57d77570c

  • SHA256

    4565f091b2a69c0c375ecdf3eb88c50d0ca38249ae135bc1f190015037124cde

  • SHA512

    c53863ad32dfae9b7e3cde7543af59e62f78fc17b05b5b835d17107a73a78e898689f869534e28f217c553ab54e757bd2c62b667f4f3217976915dd89113efe8

  • SSDEEP

    12288:/A3xrZ0SMEjdUdGdOjCPuI91O9WH5QdIn9aJaa+WC:/8rdMEjdUd3CPuI91IS5Qan9aJaa+WC

Score
10/10
icedid1609463178bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1609463178

C2

trolspeaksunt.com

Targets

    • Target

      pss10r.chm

    • Size

      392KB

    • MD5

      8e5d477d42c9272448757883298cf37e

    • SHA1

      6add06ab9900bf173d187b56b3269a0fac4a8a17

    • SHA256

      be625229a8d2903ad4d680e47f8a93fc52cbd2e8b03594bb0e228797f786a7d4

    • SHA512

      6cc431da961c273e65e03b1eee7fa62a7d4ec6998718d66de703432bcd1712d694bd4383ac7a61f10a2e864193bea2c3e4c0463140841a989be2994106a0ff0b

    • SSDEEP

      6144:uWDGvSvzMJP0MFNZQFsI5w3IohQsEuzzH1Skh3j/A4FCR4CKK3xhkQ:uQGabxkvqw3BAeH1SkdIyazHhkQ

    Score
    3/10
    behavioral1behavioral2

    • Target

      run.cmd

    • Size

      159B

    • MD5

      bc2545a660518ef0271bdd6a8be3513c

    • SHA1

      ac0e485fe9101774c61a50d81dec32e174795e08

    • SHA256

      f96ca4d15febe51758689d9c93c5ff06449a67aacc9b619c249dd00f7b65d179

    • SHA512

      6b7dc66814b4a74dd8b39c631f24bef16a98a5ac18bb7e31531c41b54c239a56e1050ed3d7f48c9e7a9da094177bd6930148c08eb4ca937a59ca4eb235fc142a

    Score
    8/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral3behavioral4

    • Target

      ver123.dll

    • Size

      96KB

    • MD5

      c002be28e6c72106ce93f8afed7ddba7

    • SHA1

      533ef4b2b8fcbe8cf8842ba7a9b35c530cfd1e33

    • SHA256

      77f25fef713c0e8c269c71f67d6c2aa162601ef4e41433777f6c4a131528eebb

    • SHA512

      c6239328a887c04bdbf589ddb055d530e13b9448eec24ae1cc834eeaeecb91810fa011939230683e984ff14bd0409c8687253d0f17c165626432fb679d4d784c

    • SSDEEP

      3072:zhsRYxpnZaiZuko6XK1DK+hfN/bfw/5hT:txZpkDKo1TfI

    Score
    10/10
    icedid1609463178bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks