Overview

overview

10

Static

static

DatabaseNDA-14310.lnk

windows7-x64

3

DatabaseNDA-14310.lnk

windows10-2004-x64

10

desktop.dll

windows7-x64

3

desktop.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20221214_Standardnotes.zip

  • Size

    418KB

  • Sample

    221214-xcvqbsag52

  • MD5

    c003fac9ee1edb90d56687f3858e3633

  • SHA1

    e77dee32ffbbbb18de454efe7b7c4759d3a491c0

  • SHA256

    9e2de7fec3ce00ba3a86fcc814d5a88f6d461a1cd2249a18a0156a09deaf2b4b

  • SHA512

    6c372cd42146870f97bedc71d6eb1c25629451c00aa2d244e5c3d0cb4c1975512f9650328e474e6f536eae5fdb7a71c17a442c1ee31be070c03c464292b68357

  • SSDEEP

    6144:dv4FV8kQqSkOfiJo3uuy1OYPsSjVQnVpP3FI6lvOpaBqpgpaZVCWKTmUz5XujUcE:dvxqB6TYPxBQnvPL6QqSpa7CHiUX

Score
10/10
icedid2302411646bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2302411646

C2

klepdrafooip.com

Targets

    • Target

      DatabaseNDA-14310.lNK

    • Size

      2KB

    • MD5

      91d36dfa00a703fa9ad73d1f6ef162f2

    • SHA1

      be07eb64d13bd9b8be47210fec3361f5722bf13c

    • SHA256

      7a3367528cbebf26612a7b3c6db5e73ecc437b0f41564581eb6d35f739c10bc4

    • SHA512

      13c46b5996f3404a350cbea86d4258e3eb2970b344ba6f19e280fd2ae2c2613b66aba57c682072b34c40f102db2bac0bf80c60cc78699c4bb4ace0debcd1c2e4

    Score
    10/10
    icedid2302411646bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      desktop.ini

    • Size

      970KB

    • MD5

      1bb0ca2e6ac4253b69917831f6e45c59

    • SHA1

      68de9388f5ad612078ee9698c3d09c20bd375f5e

    • SHA256

      591701e6e3ea61f8dfca07849668170ba5086b12022abd157dfb6d81f849e916

    • SHA512

      f529b299b531348eefab420bb737e70873eaf543111d2ed535e3d4fc4d0e52b8b28186caf84bafa27aa5a3076a9f216581759fa69f15ae3ee5673768a9368871

    • SSDEEP

      12288:XfbX8ei68nEXe963zTnecHZ4ke7i2G1CnL180bn2ONRj1LEkuUkkSgXOcLUjqI9n:Pb8e1e96Pef7k0bNRjpB4dPURa0+

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks