Overview

overview

10

Static

static

3

Scan_34262_INV.pdf

windows7-x64

1

Scan_34262_INV.pdf

windows10-2004-x64

10

Resubmissions

17-01-2023 21:10

230117-zz63zscd5z 10

16-01-2023 17:30

230116-v29jnsed7w 3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Scan_34262_INV.pdf

  • Size

    109KB

  • Sample

    230117-zz63zscd5z

  • MD5

    5f8a9cb690464151bb443ed4740a3c27

  • SHA1

    e467d01dd6810da100fb2b96fc30f2d33a205602

  • SHA256

    c2e3097e2de547d70f1d4543b51fdb0c016a066646e7d51b74ca4f29c69f5a85

  • SHA512

    8447b024b77361a103b5f2040f70dcb3b2c15ae7e20a3e7d0fc8086197b8132f77fddf30b10855bf88e030b0c1abdf6ff12b7b90ead594b5de67bb26cff347d7

  • SSDEEP

    3072:By5E76B0ue48jHIwoo06PtkUcE549hce+:B/+auqgotkFEarv+

Score
10/10
icedid3074491541bankerlinkloaderpdfpersistencetrojan

Malware Config

Extracted

Family

icedid

Campaign

3074491541

C2

dgormiugatox.com

Targets

    • Target

      Scan_34262_INV.pdf

    • Size

      109KB

    • MD5

      5f8a9cb690464151bb443ed4740a3c27

    • SHA1

      e467d01dd6810da100fb2b96fc30f2d33a205602

    • SHA256

      c2e3097e2de547d70f1d4543b51fdb0c016a066646e7d51b74ca4f29c69f5a85

    • SHA512

      8447b024b77361a103b5f2040f70dcb3b2c15ae7e20a3e7d0fc8086197b8132f77fddf30b10855bf88e030b0c1abdf6ff12b7b90ead594b5de67bb26cff347d7

    • SSDEEP

      3072:By5E76B0ue48jHIwoo06PtkUcE549hce+:B/+auqgotkFEarv+

    Score
    10/10
    icedid3074491541bankerloaderpersistencetrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Registers COM server for autorun

      persistence

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

3
T1060

Privilege Escalation

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

Query Registry

4
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

4
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks