General

  • Target: 10-05-2022Invoice_PDF#4643.zip
  • Size: 193KB
  • Sample: 221117-rm44vsee88
  • MD5: ac38cb9c3ce081c92111cc7a7c355ee9
  • SHA1: e9a47e82599dda8a80bb56b8c3ca00f657694d2a
  • SHA256: bc1772808022680ee13970ed1406948b68ff239021c4598c19306aac70f503ba
  • SHA512: 1e01edcd1d0595ffb993f415c1f35bdf96eb5bf3b8dd96982fc4f6442844df805cc7ba685f7bf2fb854f59fbde034550a39a76cf11e47df524db2fbd1e5b4115
  • SSDEEP: 3072:6LG2gZvwrdGpcHXoiRoK8RRKsLFhygvOx7WEVKodhZDbTs1:iG2fHHXoXRYQj/uWEVKej/Ts1

Malware Config

Extracted

  • Family: icedid
  • Campaign: 2348925224
  • C2: fireskupigar.com

Targets

    • Target: 10-05-2022Invoice_PDF#4643.zip
    • Size: 193KB
    • MD5: ac38cb9c3ce081c92111cc7a7c355ee9
    • SHA1: e9a47e82599dda8a80bb56b8c3ca00f657694d2a
    • SHA256: bc1772808022680ee13970ed1406948b68ff239021c4598c19306aac70f503ba
    • SHA512: 1e01edcd1d0595ffb993f415c1f35bdf96eb5bf3b8dd96982fc4f6442844df805cc7ba685f7bf2fb854f59fbde034550a39a76cf11e47df524db2fbd1e5b4115
    • SSDEEP: 3072:6LG2gZvwrdGpcHXoiRoK8RRKsLFhygvOx7WEVKodhZDbTs1:iG2fHHXoXRYQj/uWEVKej/Ts1
    • Score: 1/10

    • Target: Invoice_PDF#4643.iso
    • Size: 594KB
    • MD5: e1dedd5b8d4cd4a3f1f8f8eb4b12b1bb
    • SHA1: a7febec1e49e73777d163a8c26b22dc22a1e8532
    • SHA256: 8e160c416fc024431ef35812076f2f5a39a901452a0c841f4f4354113cf5a235
    • SHA512: 4339fbd5e246c2257350e081e41f0258c4057005f024ac7a58c8d4243a13ea0f62f7a2acc8fcb7f58f15085616695c1588555e09bcbd929a9be7defee50e9e20
    • SSDEEP: 6144:QyBTlDXeLXUVbkWAfLapR3qvN6dQM9eyjcnzeX1GmQnehuuS8D52XJ2hfwT7/R7Q:Qyf4QR3XEyXLQEF2V5nKcp6
    • Score: 3/10

    • Target: 5486/5317.wsf
    • Size: 466B
    • MD5: fb972491a4f0a12128f613f5621157b1
    • SHA1: 6038b615fbc3a347043ad2870f28088c5591ef9f
    • SHA256: d406630611b35b9419dbd81ed8d35a30601bd0a2e889ff5f0f9f4d3a7a5e08d5
    • SHA512: 5815a8fdacbeb8936b846d7d0d60bcc40fb37449d1d1dcc276403ba2fd7989c46940213808b0775b0faa23c60b820acb26697f282e2c747af0fdcb19b9f3a93e
    • Score: 1/10

    • Target: 5486/6083.cmd
    • Size: 150B
    • MD5: 6218ce0e230564b4559461336fc0c982
    • SHA1: a642cd03b7ad89170f8e90d2143014d540437c68
    • SHA256: 62bf795ecb602b0aee58f75202eb96ae2b431be9d198e3d138642226347d740e
    • SHA512: 5eec14681291428c1f7dc06faa547824c9bcde12752811f500570902e94b94428c966d6eae8b53a731d5a210773d37fb32572ae6e31f71feb308252e0d5870e5
    • Score: 1/10

    • Target: 5486/rices.txt
    • Size: 50KB
    • MD5: 778fc8aefec98cf2b5926a92f0d88743
    • SHA1: 027a095c075f053fcbde682a1c73cfdfc593ddaf
    • SHA256: 741b9d7b01064701a629fc05be01ceba8aabec7ad415ecc93204647606052e71
    • SHA512: 4ec98b4fbe2b18a4717470b75dd97e4824c53c93254cfde0e50cefe94b48ccdbf00c8009688a888cc9eb079a77d5bbbf80bfc2eb20cf4c5a918602cc469fb833
    • SSDEEP: 1536:p0I/dMGBV1l3Dh9lDCYBQiqMdXlmLN16gAbCcT3DbA+0WAClmb:qIXZBTlDCYplmLNFAbVbATWAClmb
    • Score: 1/10

    • Target: 5486/shoots.dat
    • Size: 479KB
    • MD5: 56d9ea94e4ee190f121a596649bede1d
    • SHA1: bee5a93148458e0533ec3d71115cdf0493975295
    • SHA256: a91eb9cdb2d1696d93c2d6fe7736a628b5c02db249c076f3b86638803d3cf4c6
    • SHA512: 717a3acc2e35c8cf8ffb62dde879d82d3141f2746cf7d7081ca88b2fdeaf48df1506031006fb556c73f144646a14fa87b382af59370bc84eba2d2d4da2ed05e0
    • SSDEEP: 6144:napR3qvN6dQM9eyjcnzeX1GmQnehuuS8D52XJ2hfwT7/R7NlFm81nKcpWl2:AR3XEyXLQEF2V5nKcp62
    • Signatures:
        • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
        • Blocklisted process makes network request

    • Target: Invoice_PDF.lnk
    • Size: 1KB
    • MD5: 9f132fb604b7a6b33d78f626570fba42
    • SHA1: 47932f86aef60de0726286ba0c8cf7ff995f04ab
    • SHA256: 54f039840f1ec4dea57106f1be0f285198919914d03be41b229fbf4ed515b35c
    • SHA512: a4ec12390c18b51780712be68a7c21db1e179a13f05e5b70ded853d8ed935cb7859774bfec227ebbb0cd3f174623046a12223990ad39a0df86151e80c2649e1f
    • Score: 3/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • T1082 System Information Discovery: 3
  • T1012 Query Registry: 1
  • T1120 Peripheral Device Discovery: 1
