Overview

overview

10

Static

static

ET.lnk

windows7-x64

10

ET.lnk

windows10-2004-x64

10

startles/alwinton.cmd

windows7-x64

1

startles/alwinton.cmd

windows10-2004-x64

1

startles/beriberi.cmd

windows7-x64

1

startles/beriberi.cmd

windows10-2004-x64

1

startles/racially.dll

windows7-x64

3

startles/racially.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LS71.vhd

  • Size

    2.0MB

  • Sample

    221208-lw9stahe94

  • MD5

    4fdacba51fb28120fc87c8381b602842

  • SHA1

    2cd21f26b127967ec52183da28239117b634b83c

  • SHA256

    527fbfad3a7393d22732e5a3f845939fd576cd09e958b97b84368dcf6020bf29

  • SHA512

    6dbed19ac151e947b027416cc8380c81f6d0f8698671d4a3cf95dd578e00445259a1c4b3955f1b9e3f9789eb1fff3295bab94aa75233ad00dc1970640b3414a5

  • SSDEEP

    12288:Pq2cYoxqZUOaGwabOpO/HHpw15O//3777777LwmqL9F3u:CxGvwcHHpw15OXkZF3u

Score
10/10
icedid3738574432bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3738574432

C2

aslowigza.com

Targets

    • Target

      ET.lnk

    • Size

      1KB

    • MD5

      ede918f2f8dfce7f7288eb102eddaff0

    • SHA1

      11ff96d1dd5853afaef2b9aded027165b2d13344

    • SHA256

      0dc469a094bef4df033b846708bab4c32cdca0595ef2210aaef1c834a49073cb

    • SHA512

      33d2ac8d93747fd9c470ef64f4937a9be84f7b278157ec67c9f44cc33a69de4c0b11aa658754b02b53d78b40ce071a1799e32f13a9507b963c8110f5b6d3f5fb

    Score
    10/10
    icedid3738574432bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      startles/alwinton.cmd

    • Size

      288B

    • MD5

      0abf85f95180bd65217f7112c72afc47

    • SHA1

      2effde89bfe8c13998152bdf0061ae87111c8696

    • SHA256

      559252146892a488e408ed0bf05d2b610f1f097bc3fa8431e1b44b25415cb3e8

    • SHA512

      b97bdb62ef3034de81ac46693b835e400525260f9af1438a290b6e911335128b3d054dc9a43790a0dfcbe4d5666454296b651d2d16ee5aad913356f7374448df

    Score
    1/10
    behavioral3behavioral4

    • Target

      startles/beriberi.cmd

    • Size

      189B

    • MD5

      f25fe1957254abf685fab8c37130e1fa

    • SHA1

      ba438693aa87c2878097cf502a338bad0d3dce01

    • SHA256

      6520a4eff903b81a222b7eef3273a9fd638c3ca734ae1a4bc57a9a6a67bd98d5

    • SHA512

      f5fc7f2954360b622247164b8e30b009fc64857233ec13028cb711681c1185f2a684e65b11e3894374c66b13313642e4d7319b9172ef0e449847aa569ccaa9a6

    Score
    1/10
    behavioral5behavioral6

    • Target

      startles/racially.tmp

    • Size

      209KB

    • MD5

      9f6d522e1351f27caa9f79bc6782d197

    • SHA1

      3d41e5d1d10b68ca2b6bfc0ba2e112433caa539e

    • SHA256

      56fc9355e731581623fbfcb507be348e51c65f6afb2ac6e6f44764f7e2693cec

    • SHA512

      6cbb8e603c5c26df5dfd032e2c1c3e784b3fd5fb79628980e41ae798ef78546f857932674b86f6e1bd0461927f46af3accd3a0fb817c033c049e3141ce8489ae

    • SSDEEP

      6144:a7N2DFx/kYWK4XDfAW22//+777777Lw9oHMAqLTJF3u8:a5O//3777777LwmqL9F3u8

    Score
    3/10
    behavioral7behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks