Overview

overview

10

Static

static

Docs8/Data...10.lnk

windows7-x64

3

Docs8/Data...10.lnk

windows10-2004-x64

10

Docs8/desktop.dll

windows7-x64

3

Docs8/desktop.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Docs822.zip

  • Size

    390KB

  • Sample

    221214-ycdmgsdg7x

  • MD5

    18ea38f072df0b6a4d394c451a26a65f

  • SHA1

    f50f446a0af79cfcfa421dcd4492d225755bab35

  • SHA256

    3402a2fc0b043e196115fa4bef0e85306955bd3a8e465bfb737a48df2b17d6f6

  • SHA512

    932090e8ba7265d268e2bd0175518b655f029310328a8472c755499cb37adf7a3039b14229657239a59900d23532a626d6e427df217d56dd4241fa127fa44b6a

  • SSDEEP

    12288:TWf80paH3YedO2neg7xPRRSzsxVIHN++pvkhWa5pX1:TWfmYedOIewRRSAItxkv1

Score
10/10
icedid2302411646bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2302411646

C2

klepdrafooip.com

Targets

    • Target

      Docs8/DatabaseNDA-14310.lNK

    • Size

      2KB

    • MD5

      91d36dfa00a703fa9ad73d1f6ef162f2

    • SHA1

      be07eb64d13bd9b8be47210fec3361f5722bf13c

    • SHA256

      7a3367528cbebf26612a7b3c6db5e73ecc437b0f41564581eb6d35f739c10bc4

    • SHA512

      13c46b5996f3404a350cbea86d4258e3eb2970b344ba6f19e280fd2ae2c2613b66aba57c682072b34c40f102db2bac0bf80c60cc78699c4bb4ace0debcd1c2e4

    Score
    10/10
    icedid2302411646bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      Docs8/desktop.ini

    • Size

      970KB

    • MD5

      1bb0ca2e6ac4253b69917831f6e45c59

    • SHA1

      68de9388f5ad612078ee9698c3d09c20bd375f5e

    • SHA256

      591701e6e3ea61f8dfca07849668170ba5086b12022abd157dfb6d81f849e916

    • SHA512

      f529b299b531348eefab420bb737e70873eaf543111d2ed535e3d4fc4d0e52b8b28186caf84bafa27aa5a3076a9f216581759fa69f15ae3ee5673768a9368871

    • SSDEEP

      12288:XfbX8ei68nEXe963zTnecHZ4ke7i2G1CnL180bn2ONRj1LEkuUkkSgXOcLUjqI9n:Pb8e1e96Pef7k0bNRjpB4dPURa0+

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks