General

  • Target: iced2.zip
  • Size: 127KB
  • Sample: 221212-k3c7raba35
  • MD5: 8cdbd65786e6fd594dfd169ffdb5adfb
  • SHA1: ff4fad85c15885ab2df1c022c5ba37191279f5fe
  • SHA256: 6655718d3b33ff0e9c8bab83b6da44d0e026488b284e60116f1b252b5e82620c
  • SHA512: 730e62b206be42658b9c3ad91c792af8e30ede8ef106f01bca80258b8fe7a456880be46e7603e3be654ed514db56a32163a59e0ab30510fbb7868e05f974a53f
  • SSDEEP: 3072:qkni7eC5n6c8TMAK1Kf5GK+hV8KagJQyZnInj2xj0+LoC5L:3nqz5Km1Kf5G9h/a8Qan50+LP

Malware Config

Extracted

  • Family: icedid
  • Campaign: 1268412609
  • C2: ewgahskoot.com

Targets

    • Target: iced2/Irs.lnk
    • Size: 2KB
    • MD5: ed82b09fbd31c19a4a0aa50659dfa954
    • SHA1: e331feabbc2305bec1c1c9dfa021087ea3b4d5c1
    • SHA256: f79d35810f6088c5bce23c8273ab17116ba575e676bef707185724a10984affb
    • SHA512: 50fc4e0f2d0980ffd494414ae827e793a17fcc4d2116bbf95ff6445573a5124c79e07ebbf7af8d0003343e62ba20b7f81d0aedc5f18f0cff2ef30542718148b0

    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL

    • Target: iced2/secgymoddkid/electrofishing.tmp
    • Size: 374KB
    • MD5: 84e6e93a8f4b9fd5810052d501cde0ef
    • SHA1: 1be390eeb1fc440f0ac7aae3f3a30406b735e8ae
    • SHA256: 9141d339ec21a8b8c71df0ffa8a205c9d8af4441e74f7548e6847c106c663b23
    • SHA512: 4925461622045335635972396aed2d5a84e47eef590c17521eca6db1f8507698fe880280f2e652bbcd6994ae3bd66e486fc6271e841e01075a4fb07aa6b6989e
    • SSDEEP: 6144:g0FOhm3Y1LfpDqnkIBwcu/oDdzr88vAHL/P27ysDPXoPcTPinEgrTytlRNKIg8g4:g0km3YYY/ohhvAHLnFWPXoPcTPbgrmtn

    Score: 3/10

    • Target: iced2/secgymoddkid/sewala.cmd
    • Size: 1KB
    • MD5: 74fc76546fb2b58c5fe05b97c3354059
    • SHA1: 805b4c605ff6f2cd9bc38ba502983b20fea4f297
    • SHA256: 9311f2af0242350be45d18dcbf52e8477c052239ef9244fe08c43849c6cf76a0
    • SHA512: e1a9b419b0ae6df843829715c1d4b353f72097376e4d088d16c1a126a842b1b9cbafcd9a9609f79b999d41e036f4533c30db18e1354376a055f7cc1436338284

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2

Tasks