Overview

overview

10

Static

static

Scan_01-09.lnk

windows7-x64

10

Scan_01-09.lnk

windows10-1703-x64

10

Scan_01-09.lnk

windows10-2004-x64

10

firvetourg...dc.cmd

windows7-x64

1

firvetourg...dc.cmd

windows10-1703-x64

1

firvetourg...dc.cmd

windows10-2004-x64

1

firvetourg...ng.dll

windows7-x64

3

firvetourg...ng.dll

windows10-1703-x64

3

firvetourg...ng.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Malware.zip

  • Size

    333KB

  • Sample

    230109-zveg6sfg59

  • MD5

    8ab95e8aba03133ec0d363be217a4076

  • SHA1

    a3829e41cb071d784c8bb905d18d7052660f78e2

  • SHA256

    acd9fa27b779469770a4c53602c8bbd33607e1624bf6b5dfd605e2211aa9bae4

  • SHA512

    d7c9b89dfc00946997cf891b20e8923ac3ad644f049895fdea10c14bff9ca2d907540cfd18903399cbbae71f98b1d1d810d1f5201fbce4318a652ac16238fa7f

  • SSDEEP

    6144:3qANf8ojQ+kY7boOAEMyIJ/ec9NSsANtzsq97b2QcwGfHsyS8M9aTkAxbkA:6ANkojCY78OV6JxQTQI7KfHxlLTleA

Score
10/10
icedid3131022508bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3131022508

C2

wagringamuk.com

Targets

    • Target

      Scan_01-09.lnk

    • Size

      1KB

    • MD5

      fc799beeda4a8430292247375bdf4b59

    • SHA1

      3f1a817f3bd5a344fc3aae111f09349756f00d40

    • SHA256

      a482fc4719106e36bca78b610acde1136bce64120fe1a5a843d65aa82aaa190e

    • SHA512

      b1d1286cce4499e2c849ddfa6c6e8cfd08ec8cfe7d6d9fb1c11319623a3866f767c8d08d767f2594fb991592b66528c797a3b49bbb45add44284c7b296de7467

    Score
    10/10
    icedid3131022508bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2behavioral3

    • Target

      firvetourg/denmedmudc.cmd

    • Size

      1KB

    • MD5

      c28f4835e4522c127c5d0306e4882bc3

    • SHA1

      26c24e97e961d50cd6ac2c88d307a000f85e89fc

    • SHA256

      01ef8a55d948b5b1c60741b689fa31a755bca5f1d0b13b34282ad0031b754797

    • SHA512

      5511c255f2129282ce1da65711f76d039f2f4b4231db2f0395b3eee76cad61c5098d4f151f4701705fedad4bd23a8818377eee6fa592af3fedef58df25676bf8

    Score
    1/10
    behavioral4behavioral5behavioral6

    • Target

      firvetourg/reencountering.dat

    • Size

      788KB

    • MD5

      15dd0873cb6bef0c8e89a0319a202c3a

    • SHA1

      6b49af73134d502d35d81cb978075761dc3b71fa

    • SHA256

      180bc8d0f85146d6d16fa8079e38ca5e84756f1e201fc7259464addbaee15ff2

    • SHA512

      3b1e4b176835eeae62e5ed4ac65b97e26b4471fba4aa0514c969fac8184fdcecaa82e7c9d286d9bec909bf72cce0c6cce6bfa6ec1a2adadb463a0584d6b8d200

    • SSDEEP

      12288:EtsF8uXf3ER0+FFzy9SUa5Eorp//XyZXygB:l8qUR0+FFzvea//XywgB

    Score
    3/10
    behavioral7behavioral8behavioral9

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks