Overview

overview

10

Static

static

DECIDENT.lnk

windows7-x64

10

DECIDENT.lnk

windows10-2004-x64

10

SPASTICS/QUINIBLE.dll

windows7-x64

3

SPASTICS/QUINIBLE.dll

windows10-2004-x64

3

SPASTICS/STYRACIN.cmd

windows7-x64

1

SPASTICS/STYRACIN.cmd

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b7222a595d89970162652af4632562947e64bca100e5005e44cef8dac9e908c2.iso

  • Size

    1.1MB

  • Sample

    230201-karvface82

  • MD5

    eb0638ddfa2d30b9f14a43e00e8a8c8b

  • SHA1

    7f021bb1f6df0562d8d4e4975d3702f69b146712

  • SHA256

    b7222a595d89970162652af4632562947e64bca100e5005e44cef8dac9e908c2

  • SHA512

    4435d77c60390afd01e08cdbb362e11a808de6aa8414ee728b492422092040a5fd5db89fa36f66a46ea2dab05648eb2cc0dadf4f146730eda7d883d442db6769

  • SSDEEP

    24576:W7Vt9qfawrN27U1izzZaRbfp81L/Wm/nd6WrrUU9fQT:qBqfSU14Zadq1L/cWrrHfQ

Score
10/10
icedid1691396905bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1691396905

C2

plitspiritnox.com

Targets

    • Target

      DECIDENT.LNK

    • Size

      1KB

    • MD5

      0dcf849c45cbcbcc80f2faf974a2da70

    • SHA1

      fb649af9030286b008898cbb0314f39689323a9e

    • SHA256

      dc8d25b04313db41d710d03a22c60eb79eff2f2c8e36980fb8328de6f62e00af

    • SHA512

      c93120e27e161e82e5fe7d8beee0e8eac9a1ee5eb9d54b49eb04a3f15bccf6c04542648efd2edbff4f83a4106563f24a1957486bd1206a1f571e717a5404d98a

    Score
    10/10
    icedid1691396905bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

    • Target

      SPASTICS/QUINIBLE.DAT

    • Size

      1.0MB

    • MD5

      a146dac7b641fff2c5c3c0cf320731aa

    • SHA1

      0b21a4b04e79565e26e4236772d4605fc39862e7

    • SHA256

      95ad74c1dff5293c49c955a4e77c17e6912c7b8d1fc8f5f4c6f05ac77a56a9ab

    • SHA512

      9fa32a0d1128c90b27c31080a767b6f5c34638a436c5573af9a990acab2973b7f93116509ffd4519e0a56572d2f1640f8c7dad9310153ca7c06a752ab95f9b19

    • SSDEEP

      24576:x7Vt9qfawrN27U1izzZaRbfp81L/Wm/nd6WrrUU9fQT:1BqfSU14Zadq1L/cWrrHfQ

    Score
    3/10
    behavioral3behavioral4

    • Target

      SPASTICS/STYRACIN.CMD

    • Size

      493B

    • MD5

      790ceb9320dc61a4dce587d010687ba7

    • SHA1

      dddda5ee7edee9905f5e39f35370b0ce07613d81

    • SHA256

      3fea013a2165df121f9e585b6379ec0aa3215510302c1afbea20d9e4276d6fe0

    • SHA512

      9b06b3bb0f918a7e40246f28c6a10dc623620f34a2f2b6e7dd83ad28126a26bf573001a16eda1c78d388407f944fd91708ff9d3f98654abcd265a926d7e0cad1

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks