General

  • Target

    Document_72.7z

  • Size

    142KB

  • Sample

    230123-jtg9nsea7v

  • MD5

    53df5c7486154a3de1b0b0aa0f2a2619

  • SHA1

    d0e23ffcf3f661b11f3b77531b3bd561bdb6a97d

  • SHA256

    d88fdda2f0706fe1cc2706c14e7a060af6ee2781e0cb9f1714cbecfceb75ab3b

  • SHA512

    72ce8ec0c2f013cdfa6d631ad915d5eacd0630272595b16437e908821a1494035651eacdceb845ae88f020ec788f294ec7b58998052d8c887778cc587d0a85fd

  • SSDEEP

    3072:pO03SKvdumjR+dAEOYoI5odfRsH4VZmIdwG/Fq+nlt1F0uy:j9D1+dfUjZUuqSlt1F0z

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    886885680

  • C2

    umousteraton.com

Targets

    • Target

      Document_72/Scan_01-20.lnk

    • Size

      1KB

    • MD5

      0b7b3668c7c6a12cdc41c45dc5ecf28b

    • SHA1

      282a20df6eff21b58c480b28db1d04ab632d3c25

    • SHA256

      19c6557ae51b7322ad35b35cf4729fc98521a1b99b0f9bb14d39defe4e2a0e09

    • SHA512

      b4d773f7349b06693d0ee7d18501fdb4b662e72efa5216e9c5fe1b940c44ff45df6924b77d9e1387cb3230efb701222940232f497469bd300b7ca7cbce316358

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      Document_72/letetasody/pamphleteering.dat

    • Size

      514KB

    • MD5

      0b44756101b2f2a79341c08bfebbaf46

    • SHA1

      a7eee2811565316f074f3b3e97eb56c4298eebb4

    • SHA256

      ad174760985c5418b4a3c3a97cd8d7658e3bbb7030f72f2eff9ff97e57f200bd

    • SHA512

      a1d2003a31b7cf15d7b7ab1c9bb86ce4eb4a5d510349972677b5fcdceaf7d106eacb87f946c95d756a892dc962e4144f2bb184a3376e11e97e80f8e05b4ff794

    • SSDEEP

      6144:IuS8iJgEjHlmbG3Gt20CZPbPBtqdacYQ2MmU:Iu8JgfG3rLQfm

    • Score

      1/10

    • Target

      Document_72/letetasody/sacsimsapI.cmd

    • Size

      1KB

    • MD5

      946edfa955e469aad87a33035cf28586

    • SHA1

      7348f8def6ced40b984c8af5793f9a1ec29c0428

    • SHA256

      7f66918d6312cce66eb7d7c8027477f488e567c2483694e2bc77104423b5d386

    • SHA512

      45c7c16a6cfc0d97d41abbcdb9563c8257fd24840177bd0f4c8aecdfe9338e101424d4b7c2d56f40405022d5b5fd06a7355d89db9abddc84cb31585648d9113d

    • Score

      1/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry

    T1012 (1)

  • System Information Discovery

    T1082 (2)

Tasks