Resubmissions

Submitted           Sample ID            Score
23-01-2023 10:28    230123-mht1waee7v    6
23-01-2023 10:16    230123-ma61gaee5w    10
23-01-2023 10:13    230123-l86xpach26    6
23-01-2023 10:09    230123-l626qacg98    6
22-01-2023 21:32    230122-1dp31sbg5s    10
22-01-2023 20:58    230122-zsbcqshg42    10
20-01-2023 15:06    230120-sg8qjaaf5y    3
20-01-2023 14:13    230120-rjfxvsbb37    3

General

  • Target: Paid_Offer_228_Jan-19.pdf
  • Size: 150KB
  • Sample: 230122-zsbcqshg42
  • MD5: 40d02739328a2b96cbbaec90a58137a0
  • SHA1: 9fbb76197b155edd7197095c78f49e58d0268de2
  • SHA256: 111871764f74f2de6f58ec30cb84682b68bab22b59f91660c81f06ab4cb306b6
  • SHA512: fc695cfc902dc2ec5585a7c1592d979c88f2dae40562898762511332d175d4372301f6b52d87bdf918dba1732e534b7836ddd8aa5749dc2d06b630ba176f5355
  • SSDEEP: 1536:rVTYjPXB7x4IzZwP236NntGB/HcDTIaxeMCcWXz+dqaxA1oPn6b9SBVxqntRZkBz:xkjfVl8Ntu/ATsMaDUysdivS1Ua9OS

Malware Config

Extracted

  • Family: icedid
  • Campaign: 3108046779
  • C2: klayerziluska.com

Targets

    • Target: Paid_Offer_228_Jan-19.pdf
    • Size: 150KB
    • MD5: 40d02739328a2b96cbbaec90a58137a0
    • SHA1: 9fbb76197b155edd7197095c78f49e58d0268de2
    • SHA256: 111871764f74f2de6f58ec30cb84682b68bab22b59f91660c81f06ab4cb306b6
    • SHA512: fc695cfc902dc2ec5585a7c1592d979c88f2dae40562898762511332d175d4372301f6b52d87bdf918dba1732e534b7836ddd8aa5749dc2d06b630ba176f5355
    • SSDEEP: 1536:rVTYjPXB7x4IzZwP236NntGB/HcDTIaxeMCcWXz+dqaxA1oPn6b9SBVxqntRZkBz:xkjfVl8Ntu/ATsMaDUysdivS1Ua9OS

    • IcedID, BokBot
      IcedID (also tracked as BokBot) is a banking trojan capable of stealing credentials; the extracted config above gives its campaign ID and C2 domain.
    • Drops file in Drivers directory
    • Executes dropped EXE
    • Sets service image path in registry
    • Loads dropped DLL
    • Adds Run key to start application
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Detected potential entity reuse from brand Microsoft.
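The extracted config (C2 domain, sample hashes) and the behavioural signatures listed above are the two things a responder would turn into host-side detections. The following is an added example, not part of the Triage report or the sample: it replays constructed Sysmon-style events (the `EventType|key=value|...` line format, the field names `Image`, `TargetFilename`, `TargetObject`, `QueryName`, `ImageLoaded` and `Hashes`, and all file and key names in the sample are assumptions made for this example, not observed IcedID artifacts) against the report's IOCs and against rules for the Run-key, service ImagePath, Drivers-directory, dropped-EXE and dropped-DLL signatures. The dropped-file rules are stateful: a process or DLL only counts as "dropped" if an earlier FileCreate in the same stream wrote it.

```python
import re

# Indicators copied from the report's Malware Config and hash sections.
IOC_SHA256 = {"111871764f74f2de6f58ec30cb84682b68bab22b59f91660c81f06ab4cb306b6"}
IOC_DOMAINS = {"klayerziluska.com"}

# Registry / path patterns for the behavioural signatures in the report.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
SERVICE_IMAGEPATH_RE = re.compile(
    r"\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE)
DRIVERS_DIR_RE = re.compile(r"\\Windows\\System32\\drivers\\", re.IGNORECASE)

# Constructed sample telemetry (NOT real events): one Sysmon-style record per line.
# File names, SIDs and the zero/one-filled hashes are placeholders for this example.
SAMPLE_EVENTS = """\
FileCreate|Image=C:\\Program Files\\Mail\\mail.exe|TargetFilename=C:\\Users\\bob\\Downloads\\Paid_Offer_228_Jan-19.pdf|Hashes=MD5=40d02739328a2b96cbbaec90a58137a0,SHA256=111871764F74F2DE6F58EC30CB84682B68BAB22B59F91660C81F06AB4CB306B6
FileCreate|Image=C:\\Users\\bob\\AppData\\Local\\Temp\\stage1.exe|TargetFilename=C:\\Users\\bob\\AppData\\Roaming\\dropped.exe|Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000
ProcessCreate|Image=C:\\Users\\bob\\AppData\\Roaming\\dropped.exe|ParentImage=C:\\Users\\bob\\AppData\\Local\\Temp\\stage1.exe
FileCreate|Image=C:\\Users\\bob\\AppData\\Roaming\\dropped.exe|TargetFilename=C:\\Users\\bob\\AppData\\Roaming\\helper.dll|Hashes=SHA256=1111111111111111111111111111111111111111111111111111111111111111
ImageLoad|Image=C:\\Users\\bob\\AppData\\Roaming\\dropped.exe|ImageLoaded=C:\\Users\\bob\\AppData\\Roaming\\helper.dll
FileCreate|Image=C:\\Users\\bob\\AppData\\Roaming\\dropped.exe|TargetFilename=C:\\Windows\\System32\\drivers\\dropped.sys|Hashes=SHA256=2222222222222222222222222222222222222222222222222222222222222222
RegistrySet|Image=C:\\Users\\bob\\AppData\\Roaming\\dropped.exe|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped|Details=C:\\Users\\bob\\AppData\\Roaming\\dropped.exe
RegistrySet|Image=C:\\Users\\bob\\AppData\\Roaming\\dropped.exe|TargetObject=HKLM\\SYSTEM\\CurrentControlSet\\Services\\dropped\\ImagePath|Details=C:\\Windows\\System32\\drivers\\dropped.sys
DnsQuery|Image=C:\\Users\\bob\\AppData\\Roaming\\dropped.exe|QueryName=klayerziluska.com.
DnsQuery|Image=C:\\Windows\\explorer.exe|QueryName=www.microsoft.com
RegistrySet|Image=C:\\Windows\\explorer.exe|TargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|Details=DWORD (0x00000001)
"""


def parse_event(line):
    """Split 'Type|k=v|k=v' into a dict; the event type lands in 'EventType'."""
    kind, _, rest = line.partition("|")
    fields = {"EventType": kind}
    for part in rest.split("|"):
        key, _, value = part.partition("=")  # first '=' only: Hashes= contains more
        fields[key] = value
    return fields


def sha256_from_hashes(fields):
    """Pull the SHA256 out of a Sysmon-style 'Hashes=ALG=hex,ALG=hex' field."""
    for item in fields.get("Hashes", "").split(","):
        algo, _, value = item.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def domain_is_ioc(name):
    """Match the C2 domain itself or any subdomain; ignore case and a trailing dot."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in IOC_DOMAINS)


def detect(lines):
    """Return (line_no, rule, detail) for every event that fires a rule."""
    findings = []
    dropped = set()  # lower-cased paths written by a FileCreate seen so far
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        ev = parse_event(line)
        kind = ev["EventType"]
        if kind == "FileCreate":
            target = ev.get("TargetFilename", "")
            dropped.add(target.lower())
            if sha256_from_hashes(ev) in IOC_SHA256:
                findings.append((no, "ioc_sha256_match", sha256_from_hashes(ev)))
            if DRIVERS_DIR_RE.search(target):
                findings.append((no, "drops_file_in_drivers_dir", target))
        elif kind == "ProcessCreate":
            image = ev.get("Image", "")
            if image.lower() in dropped:
                findings.append((no, "executes_dropped_exe", image))
        elif kind == "ImageLoad":
            loaded = ev.get("ImageLoaded", "")
            if loaded.lower() in dropped:
                findings.append((no, "loads_dropped_dll", loaded))
        elif kind == "RegistrySet":
            key = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(key):
                findings.append((no, "adds_run_key", key))
            if SERVICE_IMAGEPATH_RE.search(key):
                findings.append((no, "sets_service_image_path", key))
        elif kind == "DnsQuery":
            query = ev.get("QueryName", "")
            if domain_is_ioc(query):
                findings.append((no, "ioc_c2_domain", query.lower().rstrip(".")))
    return findings


if __name__ == "__main__":
    for line_no, rule, detail in detect(SAMPLE_EVENTS.splitlines()):
        print(f"line {line_no:2d}  {rule:28s} {detail}")
```

Run against the constructed stream this reports seven hits: the attachment hash, the dropped EXE being executed, the dropped DLL being loaded, the write into System32\drivers, the Run key, the service ImagePath and the C2 lookup; the explorer.exe DNS query and the benign Explorer registry write do not fire. The hash comparison is case-insensitive and the domain match covers subdomains, which is what you want when the C2 in the config is a bare registrable domain.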

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic             Technique                            Count  ID
Persistence        Registry Run Keys / Startup Folder   2      T1060
Defense Evasion    Modify Registry                      4      T1112
Defense Evasion    Install Root Certificate             1      T1130
Discovery          Query Registry                       4      T1012
Discovery          Peripheral Device Discovery          2      T1120
Discovery          System Information Discovery         5      T1082

Technique IDs follow ATT&CK v6 as used by the report; in current ATT&CK, T1060 is T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder) and T1130 is T1553.004 (Subvert Trust Controls: Install Root Certificate).

Tasks