General

  • Target: 20230120.zip
  • Size: 176KB
  • Sample: 230123-veka9sec35
  • MD5: 213f67843b5954f275cba38ea91b0c7d
  • SHA1: e1e651625dd1826f300fbd9b7dbff1ba141957f8
  • SHA256: a8b62a647ee1bf728c8c10276da781f8ae6e194aa95c1fb225671913d49869e1
  • SHA512: b64c11dd57c6393fab50b340f045f81639b1bda6ff0bd7cc59d97e5e665e129e643db74b2ecd3fdd5fa31d6b5f65a928152af8d799848c0c960529859f81fece
  • SSDEEP: 3072:OJWzZnhqzaN8nL+YG9vtXG/fesYXLuW5EMeRLS4B8IHujnqRJw/pMrl+kxkMcRT:IWNnhqz04+YGvhGnexbuWmMeRYjUZhrI

Malware Config

Extracted

  • Family: icedid
  • Campaign: 886885680
  • C2: umousteraton.com

Targets

  • Target: INV_Scan_Jan.lnk
    • Size: 1KB
    • MD5: fadc02361419018e406c6260200fa66c
    • SHA1: 699e8bd78feaa75fbf411535a2f232038dc7af09
    • SHA256: 4fbda5d7ac20f4ecef665c9379ea86f7dcc2ac7816c97601223f12a51a3e3e68
    • SHA512: 96b87b914130e5eb5d96594797af7aaa6dc908028afead3d79d02912f20a333df0703a5972e228f268decf0d3821f005a0d716b2c69e7767dbc8495e21a4bfef
    • IcedID, BokBot
      IcedID is a banking trojan capable of stealing credentials.
    • Blocklisted process makes network request
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Loads dropped DLL

  • Target: hublamjogk/bowsaptoyU.cmd
    • Size: 1KB
    • MD5: bc80fc8754faa57bc46358afa90ade4d
    • SHA1: 428d9a8609a647e8d74a0c9017babfd1ad567635
    • SHA256: 1fb4245d07a96f49c0444f3b8605ca16a830e0081002748be0aa581493135d45
    • SHA512: 70ca03b05193e0a68fa5d693a2bb7c76e207ec5704e57f39ed1818c9438afa733b56614ccc3fc4f36ef7696626b026d5437bba0aaa6d549d77ccd0c2d90cf7a2
    • Score: 1/10

  • Target: hublamjogk/skysurfing.dat
    • Size: 514KB
    • MD5: 0b44756101b2f2a79341c08bfebbaf46
    • SHA1: a7eee2811565316f074f3b3e97eb56c4298eebb4
    • SHA256: ad174760985c5418b4a3c3a97cd8d7658e3bbb7030f72f2eff9ff97e57f200bd
    • SHA512: a1d2003a31b7cf15d7b7ab1c9bb86ce4eb4a5d510349972677b5fcdceaf7d106eacb87f946c95d756a892dc962e4144f2bb184a3376e11e97e80f8e05b4ff794
    • SSDEEP: 6144:IuS8iJgEjHlmbG3Gt20CZPbPBtqdacYQ2MmU:Iu8JgfG3rLQfm
    • Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2

Tasks