Overview

overview

10

Static

static

pss10r.chm

windows7-x64

3

pss10r.chm

windows10-2004-x64

1

run.cmd

windows7-x64

8

run.cmd

windows10-2004-x64

8

ver123.dll

windows7-x64

10

ver123.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    invoice-130722.31198.iso

  • Size

    856KB

  • Sample

    221115-ha681sfc39

  • MD5

    bfb288d431f2b58cdedd685349e8b13c

  • SHA1

    e1e4d4c8aeee71893871087d28e15bdc3ec40349

  • SHA256

    26a8acb862ae176d149801a6714296c29f7a532719bc05b3031e39868bff36db

  • SHA512

    d4713e5da5a3bd18dc3a99079eafdd57e844547d74ba5e00addd8052c0abdc49dcf2285c3180c35ec82440fec2c432007d4c15357fa2d5831996b5b536b550e8

  • SSDEEP

    12288:mQGabxkvqw3BAeH1SkdIyazHhk1xZKT1Tf:mPKwT+eNdTsy1xZKBT

Score
10/10
icedid1609463178bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1609463178

C2

trolspeaksunt.com

Targets

    • Target

      pss10r.chm

    • Size

      392KB

    • MD5

      8e5d477d42c9272448757883298cf37e

    • SHA1

      6add06ab9900bf173d187b56b3269a0fac4a8a17

    • SHA256

      be625229a8d2903ad4d680e47f8a93fc52cbd2e8b03594bb0e228797f786a7d4

    • SHA512

      6cc431da961c273e65e03b1eee7fa62a7d4ec6998718d66de703432bcd1712d694bd4383ac7a61f10a2e864193bea2c3e4c0463140841a989be2994106a0ff0b

    • SSDEEP

      6144:uWDGvSvzMJP0MFNZQFsI5w3IohQsEuzzH1Skh3j/A4FCR4CKK3xhkQ:uQGabxkvqw3BAeH1SkdIyazHhkQ

    Score
    3/10
    behavioral1behavioral2

    • Target

      run.cmd

    • Size

      159B

    • MD5

      bc2545a660518ef0271bdd6a8be3513c

    • SHA1

      ac0e485fe9101774c61a50d81dec32e174795e08

    • SHA256

      f96ca4d15febe51758689d9c93c5ff06449a67aacc9b619c249dd00f7b65d179

    • SHA512

      6b7dc66814b4a74dd8b39c631f24bef16a98a5ac18bb7e31531c41b54c239a56e1050ed3d7f48c9e7a9da094177bd6930148c08eb4ca937a59ca4eb235fc142a

    Score
    8/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral3behavioral4

    • Target

      ver123.dll

    • Size

      96KB

    • MD5

      c002be28e6c72106ce93f8afed7ddba7

    • SHA1

      533ef4b2b8fcbe8cf8842ba7a9b35c530cfd1e33

    • SHA256

      77f25fef713c0e8c269c71f67d6c2aa162601ef4e41433777f6c4a131528eebb

    • SHA512

      c6239328a887c04bdbf589ddb055d530e13b9448eec24ae1cc834eeaeecb91810fa011939230683e984ff14bd0409c8687253d0f17c165626432fb679d4d784c

    • SSDEEP

      3072:zhsRYxpnZaiZuko6XK1DK+hfN/bfw/5hT:txZpkDKo1TfI

    Score
    10/10
    icedid1609463178bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks