Overview

overview

10

Static

static

pss10r.chm

windows7-x64

3

pss10r.chm

windows10-2004-x64

1

run.cmd

windows7-x64

8

run.cmd

windows10-2004-x64

8

ver123.dll

windows7-x64

10

ver123.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    list_of_documents-130722.10920.iso

  • Size

    856KB

  • Sample

    221115-mggddscd8w

  • MD5

    40f67dc8288291f87c8c57e7ecf12ac8

  • SHA1

    f52af6e33d18429d9c38367d8aa33693ed0e3e63

  • SHA256

    97e64043c891792188f4b0a812edccff9e1c584e30ffd57439eed1bf16fbf8d7

  • SHA512

    7262869b6bbc85bb815478c86e1cd05a9353c42026f28976aa019ad29b7f985c5060c2ad3d08eadd7aba0569f4e03709bf0f31b5812bfa36b266cbda8c810873

  • SSDEEP

    12288:QQGabxkvqw3BAeH1SkdIyazHhk3WfvvyShJE:QPKwT+eNdTsyGnvtY

Score
10/10
icedid1609463178bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1609463178

C2

trolspeaksunt.com

Targets

    • Target

      pss10r.chm

    • Size

      392KB

    • MD5

      54011592a20f7e581e25c393ed8a08e2

    • SHA1

      25aacce53c9f7fbb521da79eaf213390413f6c42

    • SHA256

      0d3a9f075e8003cd83914dde494ab3c457f68a8c8797d9060bc565c929eac515

    • SHA512

      d88e143252e9961c3fff96d58712b0a62d8547bb605b2e66c383252c516c9be0ad4e47a58e13ee365da7ec0562c775c5abcbe8814f3f5b2e2da498fe261b1510

    • SSDEEP

      6144:JWDGvSvzMJP0MFNZQFsI5w3IohQsEuzzH1Skh3j/A4FCR4CKK3xhk3K:JQGabxkvqw3BAeH1SkdIyazHhk3K

    Score
    3/10
    behavioral1behavioral2

    • Target

      run.cmd

    • Size

      159B

    • MD5

      bc2545a660518ef0271bdd6a8be3513c

    • SHA1

      ac0e485fe9101774c61a50d81dec32e174795e08

    • SHA256

      f96ca4d15febe51758689d9c93c5ff06449a67aacc9b619c249dd00f7b65d179

    • SHA512

      6b7dc66814b4a74dd8b39c631f24bef16a98a5ac18bb7e31531c41b54c239a56e1050ed3d7f48c9e7a9da094177bd6930148c08eb4ca937a59ca4eb235fc142a

    Score
    8/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral3behavioral4

    • Target

      ver123.dll

    • Size

      96KB

    • MD5

      3a0f9a2f3042ec8f0e9c7dacab887c07

    • SHA1

      2ad64f42752a9e9d00849f5f18f8548f38e2d9ed

    • SHA256

      4732870c3ad4e5993189dbdfbde5a111a2dbba0c0e8e5fae42cd5a83e82a07b8

    • SHA512

      9dcfccb4aa715ebea459dcb2b75a31e532c762a61a0cb1577a9ee74b111523ad95c6de5b6d82c0b8405c938990f55e0b831be03ebf1418ba050e3c081dc6d739

    • SSDEEP

      1536:d8EdnV7W/DpvDW5CdNtVd3MPVVKTJvfT2Y5fQ+vSwbCHJSjN+XzjWEt3aN:dFnk/D9UCdNtV+NSJvLhvSw8ShJE

    Score
    10/10
    icedid1609463178bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks