Overview

overview

10

Static

static

New folder...19.lnk

windows7-x64

10

New folder...19.lnk

windows10-2004-x64

10

New folder...nT.cmd

windows7-x64

1

New folder...nT.cmd

windows10-2004-x64

1

New folder...ng.dll

windows7-x64

3

New folder...ng.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Paid_Offer_257_Jan_19.7z

  • Size

    407KB

  • Sample

    230119-zjfwvsed2w

  • MD5

    e36b89c39610f6bc924968a96b5aa8e6

  • SHA1

    996a7e91151b6df21ba21375c6ad5b06b9b145f6

  • SHA256

    7aec2958937bdce9572aab569a5e639594dd99e53481dea6b637a50c1f21bb24

  • SHA512

    7161227ac30cba847c2fc6c41ebbabf9fa30324da041849d5e7416e0861697df4f4102b9fb81fb6450516a819428461015340a14513658bcbe4c826b5e57f5e7

  • SSDEEP

    6144:Bcngu4w9LMR0oHxZ3ZDqSVTKoOIN4l9r7+++AqFMzzXZ6zW0eZ6xKVrJUjwQ:Bcgjw9Hyx3WWZ4l9MMvXZJRZMcrJu

Score
10/10
icedid3108046779bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3108046779

C2

klayerziluska.com

Targets

    • Target

      New folder/Copy_Document_01-19.lnk

    • Size

      1KB

    • MD5

      95174ee1b5da79b632d2ba14e5c25622

    • SHA1

      a60ba4fb1ea86520aa10fc170665249e39fd5a38

    • SHA256

      d52c73ab74ee564b66d6ec2195c4f6c28a26299b6ba55422c8bfd4f027c8f1b9

    • SHA512

      164f285fc68fcae9ff3eec66ba77479afc52cf834fdff2743685c87e6fa03e73264bf51befeb3f5ea0a724181a3b1099738855325e988dfa8a168581ef134c55

    Score
    10/10
    icedid3108046779bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      New folder/fogduepetf/oftsaginnT.cmd

    • Size

      1KB

    • MD5

      e2cdbb1f310b6802213f6d4117b3d0ec

    • SHA1

      a382cc0e6c9c89026896b81be2bf9889446c94c0

    • SHA256

      b2dd5776e444bd1eafe8d1d17e5ee67e3e2b7d6a40973e7be94460fc4c0486a8

    • SHA512

      1ce7f0ccd7958fa4a7a1b1cf2dc66cf33ea2715e41e221e6d06484746eb9f51a78d5f61305c2a848c6bb3400319247d255a122ef982ce74bda48e84a52f4d396

    Score
    1/10
    behavioral3behavioral4

    • Target

      New folder/fogduepetf/rencountering.dat

    • Size

      1002KB

    • MD5

      d0515acd0a80ad5273ad189e72aca86f

    • SHA1

      494b7f00ee4e2a47c3b6e25f7fc603ea9f3ae1d5

    • SHA256

      265c1857ac7c20432f36e3967511f1be0b84b1c52e4867889e367c0b5828a844

    • SHA512

      2da2dc75b9aca01e0133ad119e194ba52b4f929289b8f23c13da9ef2c9e8c00f5a245b177a22207e168dd7039279357abd7bc13757e982f1088643720749d0aa

    • SSDEEP

      24576:jkmZDEMHhp9v1Ikbn3ND0TAVOsIut8P4zlIKE2r/7Bk0:ImZFHhp9v1Io3h0TA3pJk0

    Score
    3/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks