Overview

overview

10

Static

static

NDAPersona...11.lnk

windows7-x64

3

NDAPersona...11.lnk

windows10-2004-x64

10

NDAPersona...op.dll

windows7-x64

3

NDAPersona...op.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ZoomInfoDBExtract16.zip

  • Size

    697KB

  • Sample

    230125-x5h71aab83

  • MD5

    8ef6db743a14fdb8f1d3a775ec1d4bea

  • SHA1

    94d569e6f949fe101e0cefed924e9d3f5b1b3263

  • SHA256

    6e0a64ae1c914961faa708b0ff5f43c30d3c04997e05bd2add145ffe07debf2a

  • SHA512

    79439924cd237250e03f02663e30c2615c2df9021c3539ed69451b93a124c9b03b214dd588ada60e0df76d1caf9725375bbab501874b4a75dbca7bd8575c2626

  • SSDEEP

    12288:hB5EeqxfGU8iNXSG1RmVvm9LzUuQcjynm/2ZpOuRn5BMEcLvhqXkWQbebPB2OZES:hlqxff8ivmVvm9LAuQcjAm/E5RGQXkW3

Score
10/10
icedid2546188793bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2546188793

C2

anisiderblomm.com

Targets

    • Target

      NDAPersonalData/NDAZoomInfo11.Lnk

    • Size

      2KB

    • MD5

      f1acdf0794d290dbd6ef4bdc77292a24

    • SHA1

      248a8e6c8a2af76e49e7b8b1b5b759cecb0be4ee

    • SHA256

      e0d6aa1f52db325526b489597e449a853a37585e57be01569059619199cb43de

    • SHA512

      6fdf61b54b207f3b4a06b7e7dd45f60982b8db3c0d3e214d6828fa0ed1ad961d4fb5e820fe7a361e8026c9ba6507b8597c9b77f2bd7911c08328bfa2760ae4c5

    Score
    10/10
    icedid2546188793bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      NDAPersonalData/desktop.ini

    • Size

      1.4MB

    • MD5

      0f9d853f54ed0d1a800051ec718f16db

    • SHA1

      a12bd8f8edff0743e92119527673c91d2d0888e0

    • SHA256

      18ff52ee24dbdf6593324b52250115b6c5314e159b681a3a437e3b163d3bf6ab

    • SHA512

      04cdae504c213aa6fa645bd3d2a948dbfa5d616b3516f5787d79f5054ee25c3938e07259e4a3d59c8a7265a4f686897859aeadc419b92adb17b5d3595eb45da2

    • SSDEEP

      24576:mTfaPo9UzJSUrZMrZjY57tj2OM8SC/XPt8JGfZb3GW2:8fKo9uJSUrZgwtc8SC/uJGu

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks