Overview

overview

10

Static

static

Copy_INV_01-20.lnk

windows7-x64

10

Copy_INV_01-20.lnk

windows10-1703-x64

10

wisbispodi...bS.cmd

windows7-x64

1

wisbispodi...bS.cmd

windows10-1703-x64

1

wisbispodi...ng.dll

windows7-x64

1

wisbispodi...ng.dll

windows10-1703-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Malware.zip

  • Size

    176KB

  • Sample

    230120-1vd23sbg81

  • MD5

    3f778d737cdd2cd05af32f6633b3059b

  • SHA1

    6d034e486b807e33df6e38f4ced46006b4cc5e34

  • SHA256

    d18a6793ee770d1afe40b7b5b8b892a7f918e141533cc4d106bf65e54712d6c3

  • SHA512

    68a028afabd3131ea989cfca207f9e06bb930c411cd77adadd94accbe97af32a18818a19e3954b2767aec1296ac1ab239a14f8c2ea69caf1d06021d1730bb926

  • SSDEEP

    3072:XlWzZnhqzaN8nL+YG9vtXG/fesYXLuW5EMeRLS4B8IHujnqRJw/pMrl+kxkMcRd:XlWNnhqz04+YGvhGnexbuWmMeRYjUZho

Score
10/10
icedid886885680bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

886885680

C2

umousteraton.com

Targets

    • Target

      Copy_INV_01-20.lnk

    • Size

      1KB

    • MD5

      5900b90aa7c89d52dd2a78b71da2b570

    • SHA1

      6acd798b509c629df3a817935e0c77e5dad22a6a

    • SHA256

      a10c3835f7bdb8f30c1126d5ee27dfb74be5c4e73412be9d37a544c6f95ceb4d

    • SHA512

      ca561013b6f4e9ec5de4e8facee720c16d2838f58ece67e71ba4a257f6ea46eb3fdcbcedf325813be249ec553af0bd4b144e1ac1c76719e6523f2c8e8f25a835

    Score
    10/10
    icedid886885680bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      wisbispodi/rajsoldabS.cmd

    • Size

      1KB

    • MD5

      1d156fc27a24f2b1ae1cf67083193750

    • SHA1

      2d341230f92eac3ccc1838af81229235fd96069e

    • SHA256

      966502087a3faf913c50fd5cd1880755fb0e8c379faca06072bac3ebb6ad3917

    • SHA512

      e81c934741813d5587fdb6478a02beab73796bd4bbbdac35d50b9b9a03a7f3702c2a6a27d52fce2616d2e7a13fbad263cf069846d1fd6b70a42b53e95b07f8bc

    Score
    1/10
    behavioral3behavioral4

    • Target

      wisbispodi/tunneling.dat

    • Size

      514KB

    • MD5

      0b44756101b2f2a79341c08bfebbaf46

    • SHA1

      a7eee2811565316f074f3b3e97eb56c4298eebb4

    • SHA256

      ad174760985c5418b4a3c3a97cd8d7658e3bbb7030f72f2eff9ff97e57f200bd

    • SHA512

      a1d2003a31b7cf15d7b7ab1c9bb86ce4eb4a5d510349972677b5fcdceaf7d106eacb87f946c95d756a892dc962e4144f2bb184a3376e11e97e80f8e05b4ff794

    • SSDEEP

      6144:IuS8iJgEjHlmbG3Gt20CZPbPBtqdacYQ2MmU:Iu8JgfG3rLQfm

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks