Overview

overview

10

Static

static

Document_72.iso

windows7-x64

3

Document_72.iso

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Document_72.iso

  • Size

    1.6MB

  • Sample

    230120-skrw7aaf6v

  • MD5

    fac2d8d0b6e85888bf1459787777e961

  • SHA1

    c6decc09d534e3f8cac8c80cf56db09b5984f6af

  • SHA256

    b0c301d7315c49132886f59a6215e6899df630cf0f0f447df30eb382d1ab078e

  • SHA512

    083e89bc9fd4fcf48af69e4b11b8cb72e4aa0233e142078c477c08e46698b2a479b1bfb0d03566a83059790a1658dbed17630feecb74740b9fdc50e55a5603b8

  • SSDEEP

    6144:UuS8iJgEjHlmbG3Gt20CZPbPBtqdacYQ2MmUZ:Uu8JgfG3rLQfm

Score
10/10
icedid886885680bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

886885680

C2

umousteraton.com

Targets

    • Target

      Document_72.iso

    • Size

      1.6MB

    • MD5

      fac2d8d0b6e85888bf1459787777e961

    • SHA1

      c6decc09d534e3f8cac8c80cf56db09b5984f6af

    • SHA256

      b0c301d7315c49132886f59a6215e6899df630cf0f0f447df30eb382d1ab078e

    • SHA512

      083e89bc9fd4fcf48af69e4b11b8cb72e4aa0233e142078c477c08e46698b2a479b1bfb0d03566a83059790a1658dbed17630feecb74740b9fdc50e55a5603b8

    • SSDEEP

      6144:UuS8iJgEjHlmbG3Gt20CZPbPBtqdacYQ2MmUZ:Uu8JgfG3rLQfm

    Score
    10/10
    icedid886885680bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks