Overview

overview

10

Static

static

POV_Docume...12.lnk

windows7-x64

10

POV_Docume...12.lnk

windows10-1703-x64

10

oftplyfadm...ng.dll

windows7-x64

1

oftplyfadm...ng.dll

windows10-1703-x64

1

oftplyfadm...ph.cmd

windows7-x64

1

oftplyfadm...ph.cmd

windows10-1703-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Malware.zip

  • Size

    101KB

  • Sample

    230113-q8ycrshd52

  • MD5

    aad0319319be0d94d220defdf6d8656d

  • SHA1

    0a79a5233bf5b78337573b914cbd331a5d49ee8c

  • SHA256

    912ca06182dd5737697533e13b5634d8ff3d98cec75470f57f75f0a932c068c4

  • SHA512

    bbfaf891ad0f2c67d51ecf67c8dbad554b3be1847e66a280d0e54bcbff6dea1049b39bf9a1a21bbe3d3d1dfc0531c0a25be6253072b2d8ec580ab2f8d23457f3

  • SSDEEP

    3072:Ud9m9S7xMY0/pq/555igIhfAvacObeeiatnfU:q49W5g0/JGhIvacgRtM

Score
10/10
icedid1387823457bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1387823457

C2

allertmnemonkik.com

Targets

    • Target

      POV_Document_01-12.lnk

    • Size

      1KB

    • MD5

      5e3279c53c6487948d57c32480968be7

    • SHA1

      33349cb1966f7fa277f6abc74a46fc784ed39723

    • SHA256

      504ded661268ffe0b930b1ded86f5d3b60431d54a50cd201ff1dded0478d0434

    • SHA512

      2b41c1c5cadfabb76b617314107c1e03704c1caf8ebe3d6bacd42e9a187a941e173ab99e11da80d36a141e96ef7a25761f00cc46afeed0075bf2b152a2986862

    Score
    10/10
    icedid1387823457bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      oftplyfadm/easygoing.dat

    • Size

      189KB

    • MD5

      c9f3dd6dddcd3beb7070d9f915219034

    • SHA1

      c3f080523dc1b8c444742f372b9d212743b8a503

    • SHA256

      65281fe83e22bde20fa56079bebaea6fb353d1036be8073924fdf64cd9194984

    • SHA512

      41c4bc71788b5c48cdce3337f281c886c38cef0d139bdaa7d90250418df7582663ccc298c04b8e52c0d5f4da1ecd34fb82dd424aacc67d8559bfdc2e2caf160b

    • SSDEEP

      3072:ZO3mR80/ohURN3X3JKXvhuVQPSoPf1DgaibTVxC2QfRPNrNwmpPFo4:ZOWxohUrXoXvUkSo+aGTPwPNrhb

    Score
    1/10
    behavioral3behavioral4

    • Target

      oftplyfadm/redtorpaph.cmd

    • Size

      1KB

    • MD5

      4cbd01d97d3e2a5641a471d4f67de3be

    • SHA1

      f0bc6dc3f96833c860b2ba3d4c17d796a35befc2

    • SHA256

      40e0a981d05e98911eef33c0f623988ba8fc94a173c10749942e64b8ab93cd20

    • SHA512

      705d41d00b12892becc0f9affc8145f2ce9883a7036c91f423bdb5e9df888d4f05f0fc2c2fb67f0ecebf3c339bf70e5fd7d5b7680983083b987053842fb4e9ad

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v6

Tasks