Overview

overview

10

Static

static

document-01925.chm

windows7-x64

3

document-01925.chm

windows10-2004-x64

1

pretty.cmd

windows7-x64

8

pretty.cmd

windows10-2004-x64

8

subtract_lost.dll

windows7-x64

10

subtract_lost.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    document-01925.iso

  • Size

    852KB

  • Sample

    221117-mw1etaac4w

  • MD5

    2d1d7cbd6008da9f5aac4df91f546ae7

  • SHA1

    c84bcb2d4bd10b56e2af0a7837daa56622b24142

  • SHA256

    32e9b7da3bab3f16f77470967c84409b2fc2f719688300ae7d83d53e90ad8a3a

  • SHA512

    6dc902a2b1172e139b8065b52218300833e134365d3e9df8c0ed0ae682106bc05744f55d0886099a63828d1335dae9d9eb19aaa7fd44deda9c503f8998ffab6e

  • SSDEEP

    12288:W32zUDCaD/Qf6Or5J3sV7aeCUeMWJWzAS:DzaCCQfnrncV+bUDW3S

Score
10/10
icedid1626240797bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1626240797

C2

aurasantisflork.com

Targets

    • Target

      document-01925.chm

    • Size

      390KB

    • MD5

      100e12512f73d386e53cf7819f38f034

    • SHA1

      8afc7cc7b2745f9a2f04120c0b906d4cbedefaeb

    • SHA256

      a1d0755433f93cdb538a23b953f160388bef392f03e29c2d40b3109071e13c3e

    • SHA512

      f1c364213334de834ff99cdea28390c77baeba2a684b5175c6480593fdad6027bd9d53d006d3c65269e65ec05f1a39105e8d5da9a2f490d3afd62a599b82d4ef

    • SSDEEP

      6144:W32zUeUCH6Cc/QfFQObfqklJL2FBQPEV7q9oqwo2xVPGehgUN4N95:W32zUDCaD/Qf6Or5J3sV7aeCUg

    Score
    3/10
    behavioral1behavioral2

    • Target

      pretty.cmd

    • Size

      673B

    • MD5

      b39383e26e6b450a9c71cc08d7ed5d7d

    • SHA1

      f237cbe5c940ef5096d53263293432cd9f3c3346

    • SHA256

      f79c1023b9f8b82450436b9ad3411de3e7ffb5aa105598922f153eefadb8bfec

    • SHA512

      883ce4a8f2d27ba24edc17de610560829afd4eb486c09a941db96f2551aadc13ed38da1d5c1e6008fe8ac8d122a30898b6ead0dc5a848547406cdf743de9bc77

    Score
    8/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral3behavioral4

    • Target

      subtract_lost.png

    • Size

      95KB

    • MD5

      2281d8971802ab0d1ae4282f26ff95cc

    • SHA1

      8636c460bdd97d8121e1f00f36d0c8b6bf93ac06

    • SHA256

      769cc60e51053a6fefc4e4e167692ef23afab2cd2d6f404ed4fb35b81b82813d

    • SHA512

      2c0c0ccd4f7f54d8b6d013962cba0124b196f50e4ede0ededad08c2ce3f1365a6ce020a88e0dd7c54165335c3a75c72ec6a07860a1542d04e464a3b63a778323

    • SSDEEP

      1536:1y5k7TI5OMPHJ0u25+bCHxMBUZfbKIW4o5mEC6iExd3I+/7CDwrwzLNnIdJDbyHs:z7TI0MBFbCHxMMu45ECXEzYfLtM

    Score
    10/10
    icedid1626240797bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks