Overview

overview

10

Static

static

Presentation.lnk

windows7-x64

3

Presentation.lnk

windows10-2004-x64

3

allnahgotb...ry.bat

windows7-x64

1

allnahgotb...ry.bat

windows10-2004-x64

1

allnahgotb...ng.dll

windows7-x64

10

allnahgotb...ng.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Downloads.7z

  • Size

    33KB

  • Sample

    221117-zyyefsbf8y

  • MD5

    a2f33487009a7d22167fb983ef937c32

  • SHA1

    d78e4d6314584b103cada2df0ce138a180bef4e6

  • SHA256

    ca0e72257dd3b610f08e0a7656e034b9028b73a72a17e7810081415af18d130c

  • SHA512

    64e3dcce388adace9afd92143ddc1a214bb9f334fa83547428e27cf7cc49e5cb939364439b237830627f6bb46c63dccc44b6bf60cc187e55ed381c741027bc4e

  • SSDEEP

    768:AtSNCAzAqcISG0BWwNyf9QjukALfjxR8UZQ:AtSNCAzAq/uTyPZdR8UZQ

Score
10/10
icedid537138462bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

537138462

C2

hoftpaeers.com

Targets

    • Target

      Presentation.lnk

    • Size

      1KB

    • MD5

      a75ac872ae8e14228b251ad5aefd4778

    • SHA1

      06a6c19d33aade3af881c4eeb4614ea201db23ee

    • SHA256

      38f5f65ddb81b8c4c3d1a1befcf4e12084441a797c2c17098863d9e73c4e5212

    • SHA512

      25dff6f24991a197cde279081971009ba8ce4359ff53b555f792e9c9b70631404bad40af99e3c73c771cbfae85c7c62c06d95d25fa252b41d057412179eb4ba8

    Score
    3/10
    behavioral1behavioral2

    • Target

      allnahgotbog/excludebrewery.bat

    • Size

      1KB

    • MD5

      3bc63c9c098be18064ff8e5abddd0d87

    • SHA1

      73aa37007d5a6446b6882a231f27ca37cfb0d871

    • SHA256

      bc02049c518fb776bff330cadcdeb72faa8c2656151c2a31ac3f818e4d842ed7

    • SHA512

      439599a27b8eeb86d6c3887c43d5aa3bad959b47495c45ecb60f826dc32188323cbd34a0ded4c3aa5d692e6ed931c22aa800ab95b0b7042d396f919c7be4e61e

    Score
    1/10
    behavioral3behavioral4

    • Target

      allnahgotbog/skysurfing.dat

    • Size

      64KB

    • MD5

      602afdf5427e315070e7ae352a268aaa

    • SHA1

      ac6d1f94503db42058d501cde2b0801c93d41383

    • SHA256

      f47d3bbe598761cf8d62e474871e152bfc4b638cc8ad436e5855954574635951

    • SHA512

      9e60c1e7f75dc18b2e084c721b585399ac06e00b8d8326fc1a3236ce061acacb3d60e5997d6755370f5abc42fb5017ba6b250d6612a35ff73d23510e8ad50a29

    • SSDEEP

      1536:2gIEX1YNz/SH3cuF1JWO4u7wdCzQbi9mMdxwfeZHf2wAiKuV:2REyNz6H3vQxumCzW6xwfeZHf2wRKuV

    Score
    10/10
    icedid537138462bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks