General

  • Target

    Desktop.zip

  • Size

    279KB

  • Sample

    230123-vc94xaec29

  • MD5

    a61c9212dee90681555ed8fd863e24ec

  • SHA1

    4149f301bfddbe736c15e45a24b8ef2cff70b74b

  • SHA256

    022f4194976317beacd99827084d664a28c014a913e31dfda69df854bcdfcb2e

  • SHA512

    a47d819d13d5295527efce89ad67e7a127f58fef88207270ef5e8b431b366481e791aad6de41713a3d527cc30dfcb727f8bf3c5911ee61890464c2d457330bc3

  • SSDEEP

    6144:IWNnhqz04+YGvhGnexbuWmMeRYjUZhrcRuBlJ4kuDeu4JRX5nq:RNhK04+YGZlaXZRYKhrcRG4XJWq

Malware Config

Extracted

Family

icedid

Campaign

886885680

C2

umousteraton.com

Targets

    • Target

      INV_Scan_Jan.lnk

    • Size

      1KB

    • MD5

      fadc02361419018e406c6260200fa66c

    • SHA1

      699e8bd78feaa75fbf411535a2f232038dc7af09

    • SHA256

      4fbda5d7ac20f4ecef665c9379ea86f7dcc2ac7816c97601223f12a51a3e3e68

    • SHA512

      96b87b914130e5eb5d96594797af7aaa6dc908028afead3d79d02912f20a333df0703a5972e228f268decf0d3821f005a0d716b2c69e7767dbc8495e21a4bfef

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Target

      Requirements.lnk

    • Size

      1KB

    • MD5

      2157d05171e0a32c30a8c8350d25335a

    • SHA1

      3af6b7bcd388b88d71ae09789b18a7a01e23b14b

    • SHA256

      6e37e051433faa97a381fc8d8a51e8d0a5384d2fc7abc3dcf727d036bc196a74

    • SHA512

      80585b023390d8adbb199e054cc1bfbf82b59c68965b1549f95ae45f33eb1b7f22fa448ff9ed134d6fb04d965216f4a884ed63a6bdbe743c7f5e5233e3b46e5d

    • Score

      7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      hublamjogk/bowsaptoyU.cmd

    • Size

      1KB

    • MD5

      bc80fc8754faa57bc46358afa90ade4d

    • SHA1

      428d9a8609a647e8d74a0c9017babfd1ad567635

    • SHA256

      1fb4245d07a96f49c0444f3b8605ca16a830e0081002748be0aa581493135d45

    • SHA512

      70ca03b05193e0a68fa5d693a2bb7c76e207ec5704e57f39ed1818c9438afa733b56614ccc3fc4f36ef7696626b026d5437bba0aaa6d549d77ccd0c2d90cf7a2

    • Score

      1/10

    • Target

      hublamjogk/skysurfing.dat

    • Size

      514KB

    • MD5

      0b44756101b2f2a79341c08bfebbaf46

    • SHA1

      a7eee2811565316f074f3b3e97eb56c4298eebb4

    • SHA256

      ad174760985c5418b4a3c3a97cd8d7658e3bbb7030f72f2eff9ff97e57f200bd

    • SHA512

      a1d2003a31b7cf15d7b7ab1c9bb86ce4eb4a5d510349972677b5fcdceaf7d106eacb87f946c95d756a892dc962e4144f2bb184a3376e11e97e80f8e05b4ff794

    • SSDEEP

      6144:IuS8iJgEjHlmbG3Gt20CZPbPBtqdacYQ2MmU:Iu8JgfG3rLQfm

    • Score

      1/10

    • Target

      projectt.py

    • Size

      551B

    • MD5

      bd4dab365285c2c3557af8335632b5af

    • SHA1

      8c344c5b9559c029f519b65a7cf893bb4b15a6e9

    • SHA256

      d712f823065d710535392c8c80b6c874da06f68b707c7e18306344eb99c5847c

    • SHA512

      bf1910784a2319bce5ae45866fa66d27ac2e535b43fb5f7dea097dff41ee26562387d32737c2e5c9cd8f8bfa7645d30b22fd1b7e91d819c7fe76f37bcd3edced

    • Score

      3/10

    • Target

      python.exe

    • Size

      99KB

    • MD5

      0d7e35d7b045ec9447aa18d064fcd9c8

    • SHA1

      fc8abbafbcf3b8f959b3e9c956109da0218aa95c

    • SHA256

      3093fcf263029ca1d799fea250a4e032d2c930a516f1513eeca688b343c836b3

    • SHA512

      7e9d78959563fd416422b6e226b73ed4ed2da7905ad89d93571f93b113fbcc1ee7203f18bb53bd495b9f79d4d9b72bbc0b6aad5cc4ce4356e655e8e459997cac

    • SSDEEP

      1536:NFVCKbuEYE+9z2wp+FavGmhMn+IhzZtz8/duRo7SyYPx:NFVCKbuAs0FNmhMn+IhN+/duRoyx

    • Score

      1/10

    • Target

      pythonw.exe

    • Size

      97KB

    • MD5

      535dbfade17a856935667eae25acc166

    • SHA1

      881db3c6ec9b8eee8c26c0b6c0278a3c8c3f301b

    • SHA256

      61957119137f9492ab7cff41ed83619cdd398b8d47ceb4feeba5ed9bd0fcdc22

    • SHA512

      8dc2fc6534a67b27bb65d65fc366cd9101ffd1a918924be7e1dfb253785cc0b57ce10621ea93af3769b1393cbde630cde92068689ef674c8c75e76a17bf49a09

    • SSDEEP

      1536:bEqhuhIxHHWMpdPa5wiE21M8kJIGFvb1Cwb/x+sT7SyBPxs:YqISwMpdCq/IM8uIGfR/x+sT7xs

    • Score

      1/10
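
The two 1KB shortcuts at the root of Desktop.zip are the entry point of this chain, but the report only lists their hashes, not what they launch. The parser below is an added example and not part of this report: it decodes the StringData fields of a Shell Link (MS-SHLLINK) without running it and flags shortcuts that start a script host or reference a script file. The shortcut it parses is constructed in memory with build_lnk(); its relative path and arguments are hypothetical and are not the contents of INV_Scan_Jan.lnk or Requirements.lnk.

```python
"""Offline triage of .lnk lures: parse MS-SHLLINK StringData without executing.

Added example, not part of the sandbox report. The shortcut parsed here is
CONSTRUCTED with build_lnk(); the report does not show what INV_Scan_Jan.lnk
or Requirements.lnk actually launch, so SAMPLE_LNK's path and arguments are
hypothetical.
"""
import struct

# LinkCLSID 00021401-0000-0000-C000-000000000046, serialized little-endian.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# StringData fields follow the header in this fixed order, each gated by a flag.
STRING_FIELDS = (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                 ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                 ("icon_location", HAS_ICON_LOCATION))
# Script hosts / LOLBins a document-themed shortcut has no business launching.
SCRIPT_HOSTS = {"cmd", "powershell", "pwsh", "rundll32", "regsvr32", "mshta",
                "wscript", "cscript", "python", "pythonw"}
SCRIPT_EXTS = (".cmd", ".bat", ".vbs", ".js", ".jse", ".ps1", ".py", ".hta", ".dll")


def build_lnk(relative_path, working_dir, arguments):
    """Serialize a minimal Unicode shortcut: 76-byte header, three StringData
    fields, no IDList/LinkInfo, and a TerminalBlock closing ExtraData."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LNK_CLSID, flags,
                         0x20,        # FILE_ATTRIBUTE_ARCHIVE
                         0, 0, 0,     # creation/access/write FILETIMEs
                         0, 0,        # FileSize, IconIndex
                         7,           # ShowCommand SW_SHOWMINNOACTIVE (hides the console)
                         0, 0, 0, 0)  # HotKey, Reserved1..3

    def string_data(s):
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return (header + string_data(relative_path) + string_data(working_dir)
            + string_data(arguments) + b"\x00\x00\x00\x00")


def parse_lnk(data):
    """Return the LinkFlags and every StringData field present in a .lnk blob."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (bad HeaderSize/CLSID)")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize counts itself
        off += struct.unpack_from("<I", data, off)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
    fields = {"flags": flags}
    for name, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]   # CountCharacters, no terminator
        off += 2
        raw = data[off:off + count * width]
        if len(raw) != count * width:
            raise ValueError(f"truncated StringData field {name}")
        fields[name] = raw.decode(codec, errors="replace")
        off += len(raw)
    return fields


def lnk_suspicion(fields):
    """Reasons a shortcut looks like a lure: it runs a script host, or its
    arguments name a script/DLL. An empty list means nothing was flagged."""
    exe = fields.get("relative_path", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
    exe = exe[:-4] if exe.endswith(".exe") else exe
    reasons = []
    if exe in SCRIPT_HOSTS:
        reasons.append(f"launches script host {exe}")
    for tok in fields.get("arguments", "").lower().split():
        if tok.endswith(SCRIPT_EXTS):
            reasons.append(f"arguments reference {tok}")
    return reasons


# CONSTRUCTED lure: shortcut -> cmd.exe -> a .cmd in a sibling folder, mirroring
# the layout of Desktop.zip in the report; the real shortcuts were not examined.
SAMPLE_LNK = build_lnk(r"..\..\..\Windows\System32\cmd.exe", ".",
                       r"/c hublamjogk\bowsaptoyU.cmd")

if __name__ == "__main__":
    info = parse_lnk(SAMPLE_LNK)
    for key, value in info.items():
        print(f"{key:14} {value}")
    print("suspicious:", lnk_suspicion(info) or "no")
```

To triage a real shortcut, pass the bytes of the .lnk to parse_lnk() instead of SAMPLE_LNK. The parser deliberately skips the IDList and LinkInfo structures, since the command line an attacker cares about lives in RELATIVE_PATH and COMMAND_LINE_ARGUMENTS; an absolute target stored only in the IDList would need the additional ItemID parsing this example leaves out.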

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 5
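
The "Checks computer location settings" signature above and the Query Registry (T1012) entry in the matrix describe a country-code lookup that reads from the registry. The script below is an added example, not part of this report: it hunts a Process Monitor CSV export for that read and separates processes that normally touch locale settings from ones that do not. It assumes the value read is HKCU\Control Panel\International\Geo\Nation (the per-user GEOID that GetUserGeoID returns); the CSV rows are constructed in the shape of a Procmon export and were not captured from this sample.

```python
"""Hunt a Process Monitor CSV export for the registry geofence lookup.

Added example, not from the sandbox report. The report only says the sample
"looks up country code configured in the registry"; the value names below are
an assumption (Geo\\Nation holds the user GEOID, Geo\\Name the two-letter code)
and PROCMON_CSV is CONSTRUCTED, not captured from this sample.
"""
import csv
import io

# Registry values (lower-cased suffixes) that reveal the user's country setting.
GEO_VALUES = (
    r"\control panel\international\geo\nation",
    r"\control panel\international\geo\name",
)
# Processes that legitimately read locale/geo settings. Assumption: tune per estate.
EXPECTED_READERS = {"explorer.exe", "svchost.exe", "searchui.exe", "settings.exe"}

# CONSTRUCTED rows in Procmon's CSV export layout; PIDs and timings are made up.
PROCMON_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:02:11.0012345 AM","explorer.exe","4120","RegQueryValue","HKCU\\Control Panel\\International\\Geo\\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:02:15.2231001 AM","cmd.exe","5588","RegOpenKey","HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run","SUCCESS","Desired Access: Read"
"10:02:16.5101002 AM","rundll32.exe","6012","RegQueryValue","HKCU\\Control Panel\\International\\Geo\\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"10:02:16.5102003 AM","rundll32.exe","6012","RegQueryValue","HKCU\\Control Panel\\International\\Geo\\Name","SUCCESS","Type: REG_SZ, Length: 6, Data: US"
"10:02:17.0000000 AM","pythonw.exe","6120","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName","SUCCESS","Type: REG_SZ, Length: 44, Data: Windows 10 Pro"
"""


def parse_procmon_csv(text):
    """Procmon's CSV export has a header row; DictReader keys on its column names."""
    return list(csv.DictReader(io.StringIO(text)))


def geo_lookups(rows):
    """Every RegQueryValue of a country-code value, as (process, pid, path)."""
    hits = []
    for row in rows:
        if row["Operation"] != "RegQueryValue":
            continue
        if row["Path"].lower().endswith(GEO_VALUES):
            hits.append((row["Process Name"].lower(), int(row["PID"]), row["Path"]))
    return hits


def suspicious_geofence_readers(rows):
    """Country-code reads by processes outside EXPECTED_READERS, grouped by
    (process, pid). These are the T1012 events worth pivoting on."""
    flagged = {}
    for proc, pid, path in geo_lookups(rows):
        if proc in EXPECTED_READERS:
            continue
        flagged.setdefault((proc, pid), []).append(path)
    return flagged


if __name__ == "__main__":
    for (proc, pid), paths in suspicious_geofence_readers(parse_procmon_csv(PROCMON_CSV)).items():
        print(f"{proc} (PID {pid}) read country code: {', '.join(paths)}")
```

A read of the GEOID by itself is not malicious, which is why the explorer.exe row is dropped by the allowlist rather than alerted on; the useful signal is an unexpected process (here a constructed rundll32.exe, matching the "Loads dropped DLL" behaviour) doing the lookup shortly after a shortcut or script host starts. Pair the hit with the parent-process chain from the same capture before acting on it.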

Tasks