General

  • Target

    8582729284.zip

  • Size

    720KB

  • Sample

    221213-whjpksaa3t

  • MD5

    ce691a917ae5d9b6885af7b5d243cef8

  • SHA1

    65e306f754255c9fb659b1196acb27bfd6b76a80

  • SHA256

    7d6c5cdb5d612d9a8eba3312fae5f97f558a14d9f582042f54fbefdd6fd5b762

  • SHA512

    a96b18d5e55de2ed11575727618a6a72a55ea51ac65ae829b6832ba9462b360c1a3e9df0db2e15e8b773cc755f791074c44ce55912708d3dd9ddcb62ff32655e

  • SSDEEP

    12288:7BpFgi0m1K4yIEX5344vpu3U9l4CCtmfG0Y8BZ2WPXJoPRuABxFjuXHQtYRIi5mE:PFNLSJ34+tCtaG0YIZlXJWu3QtJic3b0

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    1010550214

  • C2

    estrabornhot.com

Targets

    • Target

      Setup_Win_13-12-2022_17-31-38.msi

    • Size

      1.4MB

    • MD5

      8b5b12a30a087fbba3b14665a8951b1d

    • SHA1

      b4cb2e10c0d4144f662d70f1635f31037f6db8c8

    • SHA256

      75c398d3a87e736ece65f10550519590a991f02990accf7d28cd52ac453a0a67

    • SHA512

      93465a3fa6874f5bc51a1442b724bdfa5d8af576211506c55dd4af02e3d5dacd7004f84ddd835e609bdf3cd119edfee6666507bacee3e799f9e12179bbfbc08e

    • SSDEEP

      24576:BHL0lPEJnFbMyawb8e1e96Pef7k0bNRjpB4dPURad+J:Br0yJKyaC/BPg1Rad+

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials; the extracted config ties this sample to campaign 1010550214 and the C2 host estrabornhot.com.

    • Blocklisted process makes network request

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
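An added example, not part of the sandbox's own output, that turns the indicators in this report into a small matcher: the hash values and the C2 host estrabornhot.com are copied from the report above; everything else (the Sysmon-style key=value log lines, the placeholder all-zero MD5 standing in for the unknown dropped DLL, and the rule that subdomains of the C2 host also count as hits) is an assumption made for the example. It hashes local bytes against the table, and scans the constructed log for the C2 domain and the sample digests, folding case because Sysmon prints digests in upper case.

```python
"""IOC matcher built from the indicators in this report (added example).

Hashes and the C2 domain come from the report; the log lines are constructed
and only loosely follow Sysmon's key=value rendering (EventID 15 = file stream
created, 1 = process created, 7 = image loaded, 22 = DNS query,
3 = network connection).
"""
import hashlib
import re

# Digest (lowercase hex) -> (algorithm, sample file name), copied from the report.
IOC_HASHES = {
    "ce691a917ae5d9b6885af7b5d243cef8": ("md5", "8582729284.zip"),
    "65e306f754255c9fb659b1196acb27bfd6b76a80": ("sha1", "8582729284.zip"),
    "7d6c5cdb5d612d9a8eba3312fae5f97f558a14d9f582042f54fbefdd6fd5b762": ("sha256", "8582729284.zip"),
    "8b5b12a30a087fbba3b14665a8951b1d": ("md5", "Setup_Win_13-12-2022_17-31-38.msi"),
    "b4cb2e10c0d4144f662d70f1635f31037f6db8c8": ("sha1", "Setup_Win_13-12-2022_17-31-38.msi"),
    "75c398d3a87e736ece65f10550519590a991f02990accf7d28cd52ac453a0a67": ("sha256", "Setup_Win_13-12-2022_17-31-38.msi"),
}
C2_DOMAIN = "estrabornhot.com"  # from the extracted IcedID config


def domain_matches(name):
    """True for the C2 host or any subdomain of it; trailing dot and case are ignored.
    The suffix check includes the dot, so a lookalike such as notestrabornhot.com misses.
    (Subdomain matching is this example's assumption, not something the report states.)"""
    name = name.rstrip(".").lower()
    return name == C2_DOMAIN or name.endswith("." + C2_DOMAIN)


def lookup_hash(digest):
    """Return (algorithm, file name) for a known digest, else None.
    Sysmon prints digests in upper case, so fold before the lookup."""
    return IOC_HASHES.get(digest.strip().lower())


def classify_bytes(data):
    """Hash a local file's contents with every algorithm in the table and return
    the first IOC it matches (None if the bytes are not one of the known samples)."""
    for alg in ("md5", "sha1", "sha256"):
        hit = lookup_hash(hashlib.new(alg, data).hexdigest())
        if hit:
            return hit
    return None


_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split a key=value log line into a dict; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def parse_hashes(field):
    """Parse Sysmon's 'SHA256=...,MD5=...' hash list into {alg: lowercase digest}."""
    out = {}
    for part in field.split(","):
        alg, _, val = part.partition("=")
        if val:
            out[alg.strip().lower()] = val.strip().lower()
    return out


def scan_log(lines):
    """Return (line_number, reason) for every line that touches an IOC."""
    hits = []
    for n, line in enumerate(lines, 1):
        f = parse_line(line)
        for key in ("QueryName", "DestinationHostname"):
            if key in f and domain_matches(f[key]):
                hits.append((n, f"contacts C2 domain {f[key]}"))
        for key in ("Hash", "Hashes"):
            for alg, digest in parse_hashes(f.get(key, "")).items():
                ioc = lookup_hash(digest)
                if ioc and ioc[0] == alg:
                    hits.append((n, f"{alg} matches {ioc[1]}"))
    return hits


# Constructed sample log: the zip is downloaded, the MSI is run, a DLL dropped to
# %TEMP% is loaded, then DNS and TCP activity reaches the C2. The all-zero MD5 is a
# placeholder for the dropped DLL, whose hash the report does not list.
SAMPLE_LOG = [
    r'EventID=15 Image="C:\Program Files\Mozilla Firefox\firefox.exe" TargetFilename="C:\Users\ann\Downloads\8582729284.zip:Zone.Identifier" Hash=SHA256=7D6C5CDB5D612D9A8EBA3312FAE5F97F558A14D9F582042F54FBEFDD6FD5B762',
    r'EventID=1 Image="C:\Windows\System32\msiexec.exe" CommandLine="msiexec /i C:\Users\ann\Downloads\Setup_Win_13-12-2022_17-31-38.msi"',
    r'EventID=7 Image="C:\Windows\System32\msiexec.exe" ImageLoaded="C:\Users\ann\AppData\Local\Temp\MSI4A2B.tmp" Hashes=MD5=00000000000000000000000000000000',
    r'EventID=22 Image="C:\Windows\System32\rundll32.exe" QueryName=estrabornhot.com QueryStatus=0',
    r'EventID=3 Image="C:\Windows\System32\rundll32.exe" DestinationHostname=cdn.estrabornhot.com. DestinationPort=443',
    r'EventID=22 Image="C:\Windows\System32\svchost.exe" QueryName=notestrabornhot.com QueryStatus=0',
]

if __name__ == "__main__":
    for n, reason in scan_log(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

Run as a script it reports the zip download (line 1, by SHA256) and the two C2 contacts (lines 4 and 5); the msiexec launch and the dropped-DLL load produce no hit because the report gives no digest for the DLL and the process-creation event carries the hash of msiexec.exe, not of the MSI, which is why file-hash IOCs alone miss the "Loads dropped DLL" stage and a behavioural rule is still needed there.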

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic      Technique                      ID     Count
  Discovery   Query Registry                 T1012  3
  Discovery   System Information Discovery   T1082  4
  Discovery   Peripheral Device Discovery    T1120  2

Tasks