Overview

overview

10

Static

static

a/Files.lnk

windows7-x64

10

a/Files.lnk

windows10-2004-x64

10

a/seagem.bat

windows7-x64

10

a/seagem.bat

windows10-2004-x64

10

a/unedifying.dll

windows7-x64

3

a/unedifying.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a.7z

  • Size

    129KB

  • Sample

    221206-ng89vach59

  • MD5

    c42ec50c46ed8331eeb718b2934dae80

  • SHA1

    798b0af57c4ea60663132559d707a1e99fccbfda

  • SHA256

    be443555adde2329d2e6392b6549c3856fa0ab250f3e56798e91044c1cd95751

  • SHA512

    074ce1fbb34da5cb0b8a50bda79b5e1e96523874174f6f355386597c8685a811ce6dee758846d3e12e0a8b93115840db12acb0327d08bf6566809b609ae0feea

  • SSDEEP

    3072:9N7zhJcTQDbXuazGWXwCMG5/mHzq3Zp/dC+DyaWhA5vH8VIyQd3YHvg:H/h2TGXucGCwCMG5eHcZvCsyNhQvcKyI

Score
10/10
icedid2254758066bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2254758066

C2

opraadeadiwenna.com

Targets

    • Target

      a/Files.lnk

    • Size

      1KB

    • MD5

      5120b029963b569d6eac783f0894c683

    • SHA1

      d6947aa53a3c7c0c9cbe2709385def511169ff27

    • SHA256

      5711298ce147def8b20fbaf92017f77cd015c66e8ed71770d3796354ddc3ad6e

    • SHA512

      84cef12c13e32bef551092a4c22ab7327758a65b93455853b1cdc6b67d0374e704d58a1e94b75f21ee37ce94140fe86b288de06a1a23a5e165f347e4124cbea2

    Score
    10/10
    icedid2254758066bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      a/seagem.bat

    • Size

      1KB

    • MD5

      54f37ed83c9c52fc14cfb808b56f558e

    • SHA1

      576ac72dadf9e5b2b3d742bcf1ccda7002d76b87

    • SHA256

      1195439fcd3deeff79ee8e3bc4d50e5c8015082e307182da2b252cc0ebf4f8e5

    • SHA512

      7834ee399f4a0555606bee8ea54629c44a973f01d495572221e2b6003de8103ca83c177daf5003160162274f8dfa7232b946a16ac944e344f3d7b7bd589ffefe

    Score
    10/10
    icedid2254758066bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral3behavioral4

    • Target

      a/unedifying.dll

    • Size

      269KB

    • MD5

      012da0b3ac0042942cd3b37915e799ba

    • SHA1

      848ec6dadfd86129908bf5cf51e34fb1d0e3ca62

    • SHA256

      c7d63b44ed478fe48468ddee84beb324712b22602b8c8a1ee2de75445f18528e

    • SHA512

      bc5f4f3940035a71d810692c65dbec81c3344f6a454c4b6cf666286edbeda737fdfdb962e7009d32a37a02476424c98605b7a054b312ca9f0b47168e8bc0948c

    • SSDEEP

      6144:mTHJ5BU2WigC+/NZy40onBV14xjN8IcOzECLZ:8DB0igC+/NHBV1SjaCd

    Score
    3/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks