Overview

overview

10

Static

static

NDAPersona...nk.lnk

windows7-x64

3

NDAPersona...nk.lnk

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NDAPersonalData.rar

  • Size

    642KB

  • Sample

    230126-c2187adg41

  • MD5

    4d9af09bdea0269ec847b742625841a6

  • SHA1

    8e3f3b4f55d7cae65bfc3d848dcaffea2cb56af1

  • SHA256

    b6c97f09913469524214a9c6c5b46b6faacf21953bb9478311a851bfcfb14843

  • SHA512

    56a034ff0b18406a078d0ec872f18d67507b29c73662381e4a57070fe1f6ade1a4e423c056c116b670fffc679ce0aa5cfa00fe488255b221ebc3c238bda08db7

  • SSDEEP

    12288:YSdiqC4HyOq5T9YlK7Ti8G3MrNCm7o7XBg7GQonZ:DiQHyVYlK7T/jrMIo+SZ

Score
10/10
icedid2546188793bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2546188793

C2

anisiderblomm.com

Targets

    • Target

      NDAPersonalData/f1acdf0794d290dbd6ef4bdc77292a24.Lnk.vir

    • Size

      2KB

    • MD5

      f1acdf0794d290dbd6ef4bdc77292a24

    • SHA1

      248a8e6c8a2af76e49e7b8b1b5b759cecb0be4ee

    • SHA256

      e0d6aa1f52db325526b489597e449a853a37585e57be01569059619199cb43de

    • SHA512

      6fdf61b54b207f3b4a06b7e7dd45f60982b8db3c0d3e214d6828fa0ed1ad961d4fb5e820fe7a361e8026c9ba6507b8597c9b77f2bd7911c08328bfa2760ae4c5

    Score
    10/10
    icedid2546188793bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks