General

  • Target

    request_01-10_INV-165.zip

  • Size

    296KB

  • Sample

    230111-ff6tbsec7s

  • MD5

    0bbb972d0b2ec5e77754207b8529ecb2

  • SHA1

    5005aea6e3ad54771fee6131021eecbe89d70179

  • SHA256

    34b5fc171163cb0207f6118b48ce33e4c0c6d1728c5915d5a0b9c3da2f7e8583

  • SHA512

    efd08e125f92c2c1914ff12bd9acd39f365168450aaa5d20b5ea18b99af9efb3a487013fd0a3d85ceaed49c01a43f4af10598fb0d5c2b30458d728af4c0e6e29

  • SSDEEP

    6144:OfXbfyEBf5T2vBPpmCgIg+qiy+FG3SbtDGJ4yKP1eZI28Fdd738y:Wrqc8PpNGi7Ff1GGy/ZI/x73n

Malware Config

Extracted

Family

icedid

Campaign

1421378695

C2

ebothlips.com

Targets

    • Target

      request_01-10_INV-165/CopyFolder_01-10.lnk

    • Size

      1KB

    • MD5

      5e64311f25ab2e189959f4d722fa628a

    • SHA1

      d3b99bae9540023c808b4491f5bbac220dcc49d1

    • SHA256

      fd5bc33b7fb4dffadbeb24bb33d03e26fa6bce46a326a096fe555afc6fa60b53

    • SHA512

      c08c348314dd624ee91ce471b0c232f0b340e508d6167720d0cef95aba24962347efc25c82b1c6f044ddb2f0ea0edd4709166325bed21224b3a1f3dd3f1f074d

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Target

      request_01-10_INV-165/potyourueZ/disintoxicating.dat

    • Size

      544KB

    • MD5

      93787c6a5ba46605c0916be28ef52bf1

    • SHA1

      c786205da7660fa7f76a41ed26b8d1c6aff95044

    • SHA256

      2a07b1741dbf216a188938d0fec870f8395374f760c6bf452f0a0479e975b018

    • SHA512

      ade7b59752508a0abffd296a4abb780238b4ad39bfcb0333ba365b43ad9886929e97f0d64ce2c8fcd6cfb32572d0342f018cd88f6e55ea0822096eeedf5b8e4c

    • SSDEEP

      12288:MZF4/8HxyNNCt+sULxQx2SWqj4PWyfEWmxa+o:Mk/CoAfULIHtZbo

    • Score

      3/10

    • Target

      request_01-10_INV-165/potyourueZ/oilgotyeph.cmd

    • Size

      1KB

    • MD5

      680c3dc587328842dc0bad5fd0227416

    • SHA1

      c492f8733d34fdf933f09087be7f84909690711d

    • SHA256

      481906de199f9e4f81418e144c72dac493406d944b55d3292c4ba10bfa94cded

    • SHA512

      21be0061df02e1eb38b0e17bfcd513e307530a6c3690b9d54fc03dfb7c3a60ba1d52333b4782d1f953d3e56ba19df26c4967023a98dd1809adaeee30245d6a18

    • Score

      1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks