Overview

overview

10

Static

static

pss10r.chm

windows7-x64

3

pss10r.chm

windows10-2004-x64

1

run.cmd

windows7-x64

8

run.cmd

windows10-2004-x64

8

ver123.dll

windows7-x64

10

ver123.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0306e59d0b52279dc773e1cb8cba8203cc39023af0f34bae33c1eda484beeb0b.zip

  • Size

    458KB

  • Sample

    221115-kfyj6sca8y

  • MD5

    ba39392a433ad43ca8fd2b7e3b6d605f

  • SHA1

    578bcc54ba7bf3b3451a66461bb99338a7495f17

  • SHA256

    0306e59d0b52279dc773e1cb8cba8203cc39023af0f34bae33c1eda484beeb0b

  • SHA512

    4864b94aff80e622189d58c12f68768c65d47712141099252f4ccdc505261b87d54edb1d8855273692f82348fd1e2c9cab8ca4830c4bde75d16436cd61a24092

  • SSDEEP

    12288:ww6GYG+qDQXD09P2RUgB8fQcyAhU0M4md5:ww6Gn+09wyfpZqd5

Score
10/10
icedid1609463178bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1609463178

C2

trolspeaksunt.com

Targets

    • Target

      pss10r.chm

    • Size

      392KB

    • MD5

      20fbaccd2166d324d53948e87fe15c26

    • SHA1

      5b022b124335d837ada79b093e807a2dbdc6fd0d

    • SHA256

      e6c58b329804c30442be8159296b54b612c32b038d826d7e2cb058042d9aa852

    • SHA512

      4020dbcdc49b92b771b0d71c5e62e28def9196643c495bcb12fa91b367669d2df6075b79a6f70ed9c91e027de3d91a8c1d572c3ee740a4d53ba67b2b1a2af0df

    • SSDEEP

      6144:MWDGvSvzMJP0MFNZQFsI5w3IohQsEuzzH1Skh3j/A4FCR4CKK3xhk8:MQGabxkvqw3BAeH1SkdIyazHhk8

    Score
    3/10
    behavioral1behavioral2

    • Target

      run.cmd

    • Size

      159B

    • MD5

      bc2545a660518ef0271bdd6a8be3513c

    • SHA1

      ac0e485fe9101774c61a50d81dec32e174795e08

    • SHA256

      f96ca4d15febe51758689d9c93c5ff06449a67aacc9b619c249dd00f7b65d179

    • SHA512

      6b7dc66814b4a74dd8b39c631f24bef16a98a5ac18bb7e31531c41b54c239a56e1050ed3d7f48c9e7a9da094177bd6930148c08eb4ca937a59ca4eb235fc142a

    Score
    8/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral3behavioral4

    • Target

      ver123.dll

    • Size

      96KB

    • MD5

      f315325aecae49d502589694b6650bf0

    • SHA1

      88b5d50c8e9e4f79b773a268da51a1f90718114c

    • SHA256

      45704a092e0f331dec2c86dc2f7259b4680bb71c542aea59005bf1b1a8a18d3f

    • SHA512

      ff9c89b5a7db2e1262aa87839d2ff41aff56861f241947ed8a857ac8f9904334269c74aff01bd4c8d1bf1f07d3ba1fa3ce02e1ef7c0e64a21e86e0501bd9cb2d

    • SSDEEP

      1536:Z/Uo2DoDZjinBQFp5iVz+O22D9YUSh9T9S6PDJUTfhIr083GY2:Z/NhP5mzk2a7XsytW6083D2

    Score
    10/10
    icedid1609463178bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks