Overview

overview

10

Static

static

Paid_Offer...19.iso

windows7-x64

3

Paid_Offer...19.iso

windows10-2004-x64

10

Resubmissions

23-01-2023 14:03

230123-rctv5sfb2w 10

23-01-2023 13:59

230123-ran7wafa9v 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Paid_Offer_83_Jan_19.zip

  • Size

    485KB

  • Sample

    230123-rctv5sfb2w

  • MD5

    b0116889f3552f541a26d8b54517a6b8

  • SHA1

    b1e565709d59b4fa2de37a1bfcd2c49254dab48c

  • SHA256

    34cecd5a9044d95734b6b8876695e1f4f0a98c852902af352cfdfe15dab18cc3

  • SHA512

    2f824b629b8142a1860cf62006953ffee9a5a7080c976969334352fc423f7c381e331c5787132943615cf7387ca86aa773b31ce4c2791e29528aff0f3e8654bd

  • SSDEEP

    12288:34kZeuSy+N0supMacGM3aNuvuXlJbt6XRCuUg6VB2SVjL:6uSy+N0JpzcGUiRlJbs7Ug6VMSV3

Score
10/10
icedid3108046779bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

3108046779

C2

klayerziluska.com

Targets

    • Target

      Paid_Offer_83_Jan_19.iso

    • Size

      2.1MB

    • MD5

      ff20b342043378b018b88b39d572dfc5

    • SHA1

      d69b4ef00f4635c01302767bbdbb0a24bd7bb9fa

    • SHA256

      2189c2323d2e626f7daa81eeccb6cfb225d3866a0d4532aef070711ac59b09c7

    • SHA512

      e428688b9ef005a1e2ab75a3e2b25b0887bbdac44d145e9cb2957f050d3aa26782157acb82d03755fb487fe15539d3ab44d68fac4cc20cd7565a6c290e49f00a

    • SSDEEP

      24576:rkmZDEMHhp9v1Ikbn3ND0TAVOsIut8P4zlIKE2r/7Bk:QmZFHhp9v1Io3h0TA3pJk

    Score
    10/10
    icedid3108046779bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks