General

  • Target: Inv_162_Jan-01_Copy.zip
  • Size: 325KB
  • Sample: 230110-fwthyadb74
  • MD5: eb60add07f21b919a8aeb94c49fc1510
  • SHA1: f0e7519fc71583063e5742c71a402cea27706624
  • SHA256: 19445d47b6904e3ce904e119ae583d286b6d2c001161b598f5c3ce2e64485792
  • SHA512: fe3ac5b9986bc1be85a78f25b85adcd13ae5940b433d7350cfdc076277a4115277c42a63c680d280ac0e9215af80a7d3802a890ba269eb13336e0cd2e8bd3602
  • SSDEEP: 6144:aYWAUM1gii+Er9WAM5i7i0Iq8dEZh3xXCFPUmrm0B7J7yHpaF:aYWA1gZ0A2Qic8C1XCtUym0zSaF

Malware Config

Extracted

  • Family: icedid
  • Campaign: 3131022508
  • C2: wagringamuk.com

Targets

    • Target: Inv_162_Jan-01_Copy/REF_Scan_01-09.lnk
    • Size: 1KB
    • MD5: 9236173d81765d9eecaffa7bea277241
    • SHA1: 3c6435f4b46131e1eeb45ba87519a42c9b03c103
    • SHA256: 15670b5b4cda3123d0a2f832bf393fbf16d7fa4635558de28220d56c42032b90
    • SHA512: ea010056be19fc5a3265b3303894b3c9753ed185c1bb7119016e0d8a18d5e9024e68eb48d83a13baa596c0a6646ad96bbf5ae14ad1ca352e39d5a31fec663365

    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL

    • Target: Inv_162_Jan-01_Copy/eveeftwedK/blessing.dat
    • Size: 788KB
    • MD5: 15dd0873cb6bef0c8e89a0319a202c3a
    • SHA1: 6b49af73134d502d35d81cb978075761dc3b71fa
    • SHA256: 180bc8d0f85146d6d16fa8079e38ca5e84756f1e201fc7259464addbaee15ff2
    • SHA512: 3b1e4b176835eeae62e5ed4ac65b97e26b4471fba4aa0514c969fac8184fdcecaa82e7c9d286d9bec909bf72cce0c6cce6bfa6ec1a2adadb463a0584d6b8d200
    • SSDEEP: 12288:EtsF8uXf3ER0+FFzy9SUa5Eorp//XyZXygB:l8qUR0+FFzvea//XywgB

    Score: 3/10

    • Target: Inv_162_Jan-01_Copy/eveeftwedK/oakhidtino.cmd
    • Size: 1KB
    • MD5: 9462edd137b82de190978b35d062e56c
    • SHA1: aeb49a7d86d9fae2f09a8f7b7d926991c5887b8b
    • SHA256: 28d9ce04d42d61d8b4423997fd60087bd23285b06c4b79b72a3dcb7d13de2ec6
    • SHA512: e9fee5f87f3d4c7246b7d23293a0c68a7ecf4ea0991e83679e68b45035a5fd6251f786fc13b796286fbae055fcd9511e06fa5a31e6ebfad8009c2dc887a6aaaa

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2

Tasks