General

  • Target

    20220110.zip

  • Size

    305KB

  • Sample

    230110-vppnqsce5s

  • MD5

    3a7c9403c9f59a8d832bb094120822ce

  • SHA1

    d0f3478f07062c69a5752e313200be0d8131c219

  • SHA256

    3854378244a047c56378fa00420a2340a1d0e5e7670708f70b90d52fd35f3120

  • SHA512

    df884143edd7dd1b0ea3339b7d9fcf8a057929683fd8973a59e6e755156c937c00683ca8fadb9fd3559d23367bb5cb8daf00725960abc18f5a235cd9ff9172c1

  • SSDEEP

    6144:7KiUweYzV0JRylJv2QFSL/pDjAHaz0rUVX0UxGx:7KiUEJv2QFSd+DTUxQ

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    1421378695

  • C2

    ebothlips.com

Targets

    • Target

      REF.lnk

    • Size

      1KB

    • MD5

      86e6dafd4c33160834b62194ba32c5c3

    • SHA1

      b56f9d0bd9c05705bc3dc4f5bde87c6275eb5019

    • SHA256

      c06e1d8841faecf02f85d62a4311cab2a5f949cff1f5f30e228eeaf9ef593960

    • SHA512

      23ba8b5c2f60f17eccdcf1d9f2f36a7001fd14888fbd69f8e1579c6733004c9320c6a0b9de4bc064a16da48a02bcfabf15f931c8d8b8c00d98eaaa1b58cdd6e6

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      rugcoyalls/mischannelling.dat

    • Size

      544KB

    • MD5

      93787c6a5ba46605c0916be28ef52bf1

    • SHA1

      c786205da7660fa7f76a41ed26b8d1c6aff95044

    • SHA256

      2a07b1741dbf216a188938d0fec870f8395374f760c6bf452f0a0479e975b018

    • SHA512

      ade7b59752508a0abffd296a4abb780238b4ad39bfcb0333ba365b43ad9886929e97f0d64ce2c8fcd6cfb32572d0342f018cd88f6e55ea0822096eeedf5b8e4c

    • SSDEEP

      12288:MZF4/8HxyNNCt+sULxQx2SWqj4PWyfEWmxa+o:Mk/CoAfULIHtZbo

    Score
    3/10

    • Target

      rugcoyalls/pangapsexN.cmd

    • Size

      1KB

    • MD5

      d58b4bfb8bd596d0ec8224fac12f0b99

    • SHA1

      a056fc0a4524e6b0c21e73bdc47d3b7fe3cea448

    • SHA256

      2347581778f6ff0791072ce338d8c04a7c6b16815f239baf753756a7ce3bce07

    • SHA512

      d5ff2419372a1d73170cd73324b4c04affb0102d4e100825a4f03b91ee7b2a072286fba644444626a38235b03022086bebf1e79c5c06e288c0f0133427cb3091

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Tasks