General

  • Target

    request_01-10_INV-105.zip

  • Size

    310KB

  • Sample

    230110-z3s1jahf65

  • MD5

    ea29a3a9b2f1b0ca1375a03d1ebbf72a

  • SHA1

    293e4b647425832907737984a2bb297d6244f200

  • SHA256

    111b27216b69c27153a8725cc843e581289c4c61478bc5ab63018cbbcb0d1b30

  • SHA512

    15a0d8e7552632a9caeeba74b90c218f9a5b65d3b08e93c886f95e5d087b743a3f950d28c74c82cdd6390b8282d9a6ead947961f9528072fb808dd8817ac774a

  • SSDEEP

    6144:c04p3AvFK8dEDxghT+nRSV+IL55IRtD5hrzyfe/q:mp3AHGlgh6ZUrIP7Oyq

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    1421378695

  • C2

    ebothlips.com

Targets

    • Target

      request_01-10_INV-105.zip

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target

      request_01-10_INV-105.iso

    • Size

      1.7MB

    • MD5

      362c61979941457573296e9dbe135206

    • SHA1

      c668534c9855e735a355bfaa7714ef31c43de972

    • SHA256

      b1260438723e65111dc794b3df40460093eef935c18f3a2b3fc9c6f8f1ae61c2

    • SHA512

      f4eac1710a9fe348ae9889f4b4f0e30b2c1c37d6554201ab116b1c605a8b4403ec0f061a4498ceb3966716c6996270115aeb5703b4ef51cc5c4a530efc1682e3

    • SSDEEP

      12288:3ZF4/8HxyNNCt+sULxQx2SWqj4PWyfEWmxa+:3k/CoAfULIHtZb

    Score

    3/10
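The hashes and the extracted C2 domain above are the actionable part of this report. The script below is an added example, not part of the sandbox output: it loads those indicators into a small table, hashes a file on disk the same way the report does (MD5/SHA1/SHA256/SHA512, streamed in chunks), and scans DNS log lines for the C2 domain or any subdomain of it. The log lines and the `SAMPLE_DNS_LOG` format are constructed for the example; only the hash values, file names and domain come from the page.

```python
"""Match the IOCs from the IcedID report (added example, not the report's own tooling)."""
import hashlib
import io
import re
import sys

# Indicators copied from the report above. Campaign ID is kept as context only.
REPORT_IOCS = {
    "family": "icedid",
    "campaign": "1421378695",
    "c2_domains": {"ebothlips.com"},
    "files": {
        "request_01-10_INV-105.zip": {
            "md5": "ea29a3a9b2f1b0ca1375a03d1ebbf72a",
            "sha1": "293e4b647425832907737984a2bb297d6244f200",
            "sha256": "111b27216b69c27153a8725cc843e581289c4c61478bc5ab63018cbbcb0d1b30",
        },
        "request_01-10_INV-105.iso": {
            "md5": "362c61979941457573296e9dbe135206",
            "sha1": "c668534c9855e735a355bfaa7714ef31c43de972",
            "sha256": "b1260438723e65111dc794b3df40460093eef935c18f3a2b3fc9c6f8f1ae61c2",
        },
    },
}

# Constructed DNS resolver log lines (not from the page) used to exercise the matcher.
SAMPLE_DNS_LOG = [
    "2023-01-10T12:00:01Z client=10.0.0.5 query=www.ebothlips.com type=A",
    "2023-01-10T12:00:02Z client=10.0.0.7 query=notebothlips.com type=A",
    "2023-01-10T12:00:03Z client=10.0.0.5 query=update.microsoft.com type=A",
    "2023-01-10T12:00:04Z client=10.0.0.9 query=ebothlips.com. type=A",
]

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(fh, chunk_size=1 << 20):
    """Return hex digests for every algorithm the report lists, reading in chunks
    so a large sample never has to sit in memory at once."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used by tests and small files)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def match_hashes(digests, iocs=REPORT_IOCS):
    """Return the report target names whose listed hashes match the given digests.
    Any one algorithm agreeing is enough: the report lists all of them for the same bytes."""
    return [
        name
        for name, known in iocs["files"].items()
        if any(digests.get(alg) == value for alg, value in known.items())
    ]


# Loose token extractor for hostnames inside free-form log lines.
DOMAIN_TOKEN = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}", re.I)


def match_dns_lines(lines, iocs=REPORT_IOCS):
    """Return log lines that query the C2 domain or a subdomain of it.
    Comparing whole labels (exact match or '.' + domain suffix) avoids flagging
    look-alikes such as 'notebothlips.com' that merely contain the string."""
    hits = []
    for line in lines:
        for token in DOMAIN_TOKEN.findall(line):
            host = token.lower().rstrip(".")  # tolerate FQDN trailing dot
            if any(host == d or host.endswith("." + d) for d in iocs["c2_domains"]):
                hits.append(line)
                break
    return hits


if __name__ == "__main__":
    for path in sys.argv[1:]:
        digests = hash_file(path)
        print(path, digests["sha256"], match_hashes(digests) or "no match")
    for line in match_dns_lines(SAMPLE_DNS_LOG):
        print("C2 lookup:", line)
```

Run it as `python ioc_match.py <file> ...` to compare downloaded attachments against the report's hashes; the DNS matcher is written to take any iterable of strings, so it can be pointed at a real resolver log by replacing `SAMPLE_DNS_LOG`.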

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 2

Tasks