Overview

overview

10

Static

static

pss10r.chm

windows10-2004-x64

1

run.cmd

windows10-2004-x64

8

ver123.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    demoscan-130722.22935.iso

  • Size

    856KB

  • Sample

    221116-st3eaafg8x

  • MD5

    ac9337deda787156cbab05e574186b2b

  • SHA1

    6cd900819a80a9364d53a271c30f51e1909f0a7d

  • SHA256

    ce5e37fe2bf143ea8af75a9e409ba534908e94b95fa1977ba5b74451267a5a71

  • SHA512

    103d5a1d1f73256cd7d60d3132957653adadc945157b8aa53c42cb18106a59949a0ca939600e5bd5d32cc4dd525179c30afcff4a1277a256f8d587517532450c

  • SSDEEP

    6144:eWDGvSvzMJP0MFNZQFsI5w3IohQsEuzzH1Skh3j/A4FCR4CKK3xhki8pEsiR02:eQGabxkvqw3BAeH1SkdIyazHhkosi2

Score
10/10
icedid1609463178bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1609463178

C2

trolspeaksunt.com

Targets

    • Target

      pss10r.chm

    • Size

      392KB

    • MD5

      56427f0a59b3143217906b2d2ca54c22

    • SHA1

      217bbbf2e8fdbd931e2f9a187ec7acc5d6df4240

    • SHA256

      6186cb37b4f79af5ba3cfae14e6cac77890b9ad5c1ecdaf5c586f1d4a18fb736

    • SHA512

      43f549658ac009435899fa83180e29f07480dd3845a62515d9903762d61d81e4bfed7d7b1a85b177b22b37b5fdb9821e7144dd97fcda65f458b1a3814b56641f

    • SSDEEP

      6144:mWDGvSvzMJP0MFNZQFsI5w3IohQsEuzzH1Skh3j/A4FCR4CKK3xhkio:mQGabxkvqw3BAeH1SkdIyazHhkD

    Score
    1/10
    behavioral1

    • Target

      run.cmd

    • Size

      159B

    • MD5

      bc2545a660518ef0271bdd6a8be3513c

    • SHA1

      ac0e485fe9101774c61a50d81dec32e174795e08

    • SHA256

      f96ca4d15febe51758689d9c93c5ff06449a67aacc9b619c249dd00f7b65d179

    • SHA512

      6b7dc66814b4a74dd8b39c631f24bef16a98a5ac18bb7e31531c41b54c239a56e1050ed3d7f48c9e7a9da094177bd6930148c08eb4ca937a59ca4eb235fc142a

    Score
    8/10

    • Executes dropped EXE

    behavioral2

    • Target

      ver123.dll

    • Size

      96KB

    • MD5

      90bd30300647132d3cee650a69dbdc2f

    • SHA1

      fbb11e4c2623897d6a9e1ffa62d46bf7f5e85e3d

    • SHA256

      927a5893349cc3bdb8a4216d9dc42f0e3eb2f2451d0cf20572f0bba0a7a2c3b8

    • SHA512

      d3acf3b1ec37642af4bcaa952ba267a3ccf1777395f84f8beca6402a4ffaa617ed3d55af4f4c654c6b096f95df3f497aa36e40ac158262a9e1f90e6607655b54

    • SSDEEP

      1536:H/Uo2DoDZjinBQFp5iVp+O22D9YUSh9T9S6PDJUTfhIr083GY2:H/NhP5mpk2a7XsytW6083D2

    Score
    10/10
    icedid1609463178bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral3

MITRE ATT&CK Matrix

Tasks