Overview

overview

10

Static

static

ET.lnk

windows7-x64

10

ET.lnk

windows10-1703-x64

10

ET.lnk

windows10-2004-x64

10

fumigating...es.cmd

windows7-x64

1

fumigating...es.cmd

windows10-1703-x64

1

fumigating...es.cmd

windows10-2004-x64

1

fumigating/erupt.dll

windows7-x64

3

fumigating/erupt.dll

windows10-1703-x64

3

fumigating/erupt.dll

windows10-2004-x64

3

fumigating...ty.cmd

windows7-x64

1

fumigating...ty.cmd

windows10-1703-x64

1

fumigating...ty.cmd

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    EP49.vhd

  • Size

    2.0MB

  • Sample

    221208-rfjvcadb6y

  • MD5

    4c17da021097205a5b812d39ef04ad0e

  • SHA1

    127019c9ef422e50fc9c28f852843723a0a725bd

  • SHA256

    2052b4ce077f8a5e26656c804ddd1887dacf0e9839986b100eca73196db46086

  • SHA512

    b87c91196ebe5e94c6f153c19b7299d884f4c54eef88031c9d70a59c9c13cadd781ac62876159cb5d81b69703f5a5dfc440533d5670e77a42a9d6cc9e0f84eff

  • SSDEEP

    6144:li1hK5FXCE+lDuLvguRzXGbMbmGFVR7N2DFx/kYWK4XDfAW2J//+777777Lw9oHn:shKC6Y0rh5O//E777777LwmqLzF3u

Score
10/10
icedid3738574432bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3738574432

C2

aslowigza.com

Targets

    • Target

      ET.lnk

    • Size

      1KB

    • MD5

      4b80484dd006e1e0e88b4bd592e98da0

    • SHA1

      5aa3d12864a2db3179d6a5f66ac293c57a332cf4

    • SHA256

      999abe33ed3236e6e6a6864ab72b9e09ff9a4470783c746f068dea070020f147

    • SHA512

      0ee0127c0ace5cd14e0b7bc09def52f9ff7ea8f39826c8236d4a4543a38d229aed704208c3c0b9ee41ce6e50fc97287cbf5a395fbf8ce72e73c7c3c337ad2c64

    Score
    10/10
    icedid3738574432bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2behavioral3

    • Target

      fumigating/actuaries.cmd

    • Size

      226B

    • MD5

      2d00a9d3868c4bacee48524f524d32e1

    • SHA1

      ee4cd3aeea9945ba5e9596ad780bc0ae3c22fe18

    • SHA256

      94ef6e51baf0bd264f7bdfe8347872804da8c4e03720829a94487be9a936d2dc

    • SHA512

      7116471f6a07d94e42208836a056075c12c019fbfb4bc86f7fc092ed38b9824de45eeac2ddc6b5352a14fbdddbc19a39b4f4e89fc6ba641dd7b5c7efdf6bce7c

    Score
    1/10
    behavioral4behavioral5behavioral6

    • Target

      fumigating/erupt.tmp

    • Size

      209KB

    • MD5

      952c6ae48b5f7cb5977f9ce5159944b7

    • SHA1

      ec0ee94c0da39681e3ff7b78d2b1c6b63e76f9e5

    • SHA256

      898a12fb7193c8260e9a8b9afc177b34608a9eeb1b927b895d9033e86185757d

    • SHA512

      dfa53c3224888e73d9728fcdf605c0eaad8ed96bfdd7276f44be25c2292756a1e1a504c50ca525227d23e42d7045120ceab7e8f0cd84e992997d9376a5857143

    • SSDEEP

      6144:z7N2DFx/kYWK4XDfAW2J//+777777Lw9oHMAqL4OF3u8:z5O//E777777LwmqLzF3u8

    Score
    3/10
    behavioral7behavioral8behavioral9

    • Target

      fumigating/perplexity.cmd

    • Size

      286B

    • MD5

      c9272f3098f5af0eb3179c5c764e5cd5

    • SHA1

      fa991da35d87d491c373e1ea90500f885ceb645d

    • SHA256

      8821636bd9b82c303dc65dcfa986ee1d1b67463a84bfe940ee19d3dff86f2dcf

    • SHA512

      04f25f060ab5d4b4b64cd8afdfdff808056346a9a8f1c9bf13a7948874c9360b91f707b79b5f292e8fd2ca6f0111bfccef6eeef7a20c0411c6e1ea971eda7153

    Score
    1/10
    behavioral10behavioral11behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks