General

  • Target

    document_09-22_invoice_8339_unpaid.iso

  • Size

    736KB

  • Sample

    230328-j9hv5shg89

  • MD5

    2c9ef3ab7f60ea0b2a52567c3cd9851a

  • SHA1

    24f61af262136ddf0c9380aef90993c561b5af2c

  • SHA256

    b66e82590e6065b6bb700d67047937213abaa6129cf2cf9f4c89d0206b6cdc3f

  • SHA512

    268b05b1618089e92bfe01e17152ac003ae54e3f4e4c3a8186ea228bbd65319b3749eaaebbcfe433638b2c5800c0a9b6883a85b7d822582e052a5379568482c5

  • SSDEEP

    12288:0iaxP58X2ikP7U1AVMp3j+NwHOZOuAwAwFOjHgAO3qJOFHswfwYOmOhHm:0H22ikPg1A6pT+yQAwAwgHgtqAHswfw6

Malware Config

Extracted

Family

icedid

Campaign

1023645195

C2

trallfasterinf.com
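The extracted configuration gives two hunt-ready indicators: the C2 domain here and, from the Targets section below, the SHA256 of the dropped payload files. The following Python is an added example, not part of the sandbox report, that matches those indicators against a few constructed DNS and file-event log lines; the space-separated key=value log format, the hostname WS-17 and the timestamps are assumptions for the demonstration. The domain check works on label boundaries so that a name that merely ends in the same characters does not match, and the hash check is case-insensitive.

```python
import re

# Indicators copied from the report: extracted C2 domain and payload SHA256s.
C2_DOMAIN = "trallfasterinf.com"
PAYLOAD_SHA256 = {
    "b66e82590e6065b6bb700d67047937213abaa6129cf2cf9f4c89d0206b6cdc3f":
        "document_09-22_invoice_8339_unpaid.iso",
    "30f7e6a787e359b165a870828621b7c75e39cd2452abe8c707afb28e0b50870d":
        "scabs/jug.db",
}


def domain_matches(queried, ioc=C2_DOMAIN):
    """Exact or subdomain match, case-insensitive, tolerant of a trailing dot.
    Compare on a label boundary so 'nottrallfasterinf.com' does NOT match."""
    q = queried.lower().rstrip(".")
    return q == ioc or q.endswith("." + ioc)


# Constructed sample lines (not from the sandbox): a resolver log and EDR
# file-write events in a simplified space-separated key=value format.
SAMPLE_LOG = """\
2023-03-28T09:11:02Z dns host=WS-17 query=www.example.org type=A
2023-03-28T09:11:09Z dns host=WS-17 query=TRALLFASTERINF.COM. type=A
2023-03-28T09:11:09Z dns host=WS-17 query=cdn.trallfasterinf.com type=A
2023-03-28T09:11:10Z dns host=WS-17 query=nottrallfasterinf.com type=A
2023-03-28T09:10:41Z file host=WS-17 path=D:\\scabs\\jug.db sha256=30f7e6a787e359b165a870828621b7c75e39cd2452abe8c707afb28e0b50870d
2023-03-28T09:10:40Z file host=WS-17 path=C:\\Users\\u\\Downloads\\notes.txt sha256=0000000000000000000000000000000000000000000000000000000000000000
"""

KV = re.compile(r"(\w+)=(\S+)")


def hunt(log_text):
    """Return (indicator_type, host, detail) for every line that hits an IOC."""
    hits = []
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        query = fields.get("query")
        if query and domain_matches(query):
            hits.append(("c2_domain", fields.get("host"), query))
        sha = fields.get("sha256", "").lower()
        if sha in PAYLOAD_SHA256:
            hits.append(("known_hash", fields.get("host"), PAYLOAD_SHA256[sha]))
    return hits


if __name__ == "__main__":
    for kind, host, detail in hunt(SAMPLE_LOG):
        print(f"{kind:12s} {host:8s} {detail}")
```

Run against the constructed lines it reports the exact domain (despite the upper case and trailing dot), the cdn. subdomain and the jug.db hash, and stays silent on the look-alike name and the unrelated file.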

Targets

    • Target

      document_09-22_invoice_8339_unpaid.iso

    • Size

      736KB

    • MD5

      2c9ef3ab7f60ea0b2a52567c3cd9851a

    • SHA1

      24f61af262136ddf0c9380aef90993c561b5af2c

    • SHA256

      b66e82590e6065b6bb700d67047937213abaa6129cf2cf9f4c89d0206b6cdc3f

    • SHA512

      268b05b1618089e92bfe01e17152ac003ae54e3f4e4c3a8186ea228bbd65319b3749eaaebbcfe433638b2c5800c0a9b6883a85b7d822582e052a5379568482c5

    • SSDEEP

      12288:0iaxP58X2ikP7U1AVMp3j+NwHOZOuAwAwFOjHgAO3qJOFHswfwYOmOhHm:0H22ikPg1A6pT+yQAwAwgHgtqAHswfw6

    Score
    3/10

    • Target

      document.lnk

    • Size

      1KB

    • MD5

      906431e4b7c5050b3f9540e06c98741c

    • SHA1

      c18c10e9ae8193a34571f30a59a3691b0959f49a

    • SHA256

      fa9e92699d7dbd1b25e709a308f0d28d130261f368c8b82f66fab1078785a2bd

    • SHA512

      18b6372a7c20a324b37b5bd5e899fd8ac3a01e7b4add275cf66b08734162878f434bc28f82c7e6fcc3cba3039ef44ff83ee19bf80dcd5dcc96252c40a467afa7

    Score
    3/10

    • Target

      scabs/cheerfulFatty.cmd

    • Size

      58B

    • MD5

      9685a6d10cb9325ee48c52c569ad3bf6

    • SHA1

      90792d715cd6064eb038dce7b16f664f23e85c7f

    • SHA256

      eed3aed1783600040e255df6d45b27b09030bf1f58e7880812307600604d1dc9

    • SHA512

      e6178236cb40bc8faf5161268776dbefe4970dc373f11f5275a8d85c9b12425b8b5e54c2b8ef821cfef9ed08514f4e50c95bd707ce8bfb6ce18a7efb004f667c

    Score
    1/10

    • Target

      scabs/jug.db

    • Size

      317KB

    • MD5

      c0d45a442b3f1ef9d795e7b83c8fff4a

    • SHA1

      b5f3bc186cac696e0664c32c1f4036414f1d5538

    • SHA256

      30f7e6a787e359b165a870828621b7c75e39cd2452abe8c707afb28e0b50870d

    • SHA512

      2a38fa803ad575028e715bcb7b4fc02f8009aa5bee22b3466df23e084ae8c304d717735f2aa0ccaf41ad9522f62909c0c92778b8e784ae55032b7ec468affcae

    • SSDEEP

      6144:hiaIMPl3fdywZzWsIRhcY2EmQ77BkP7+sPI1AFT:hiaxP58X2ikP7U1A1

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Target

      scabs/residesLollipops.js

    • Size

      203B

    • MD5

      ce34e104945a213de34af5766e199208

    • SHA1

      053d631f2ae8576a96437a7afe30df9b450d010c

    • SHA256

      f96612afc6fcd126508ccb7d48c03fa39875113128ff9ac2fa769f65aa7b53bb

    • SHA512

      7d861f3e5bcce06522a0e68560ae350ab958de6d1cc86d04da8fab208f509695172a268253c4971d6076d93ddcb6c1ad33a260cc3d1cf4570e9856befda071fd

    Score
    3/10

    • Target

      scabs/roars.jpg

    • Size

      70KB

    • MD5

      d4d7da0fde972f47a5998198f2e6691f

    • SHA1

      239c77e6d8b8f33fdae4c15eb54ab38136a57396

    • SHA256

      b95db993da5c8786a498346368cef6e89714864a64e08d2a5923e9e44255e61e

    • SHA512

      13da745251a02a16bc05cc4b2ca5889068edfbfadbca28fa6174f8d79d040219926d48ea3ec7854677682385fadf87506187e8f242ced7e6a909441daa4d5e5d

    • SSDEEP

      1536:tml7z09MuHOCgBrofUB6kitzwhhzEbK+rddFpuQzOqPrR9AbCZ+5Gw:aRu2Cs8nz6ibKaddFpyqzRmU+53

    Score
    3/10

    • Target

      scabs/z.txt

    • Size

      284KB

    • MD5

      a92c3d8dab1aa26600898ba923a41f6d

    • SHA1

      d7ba06a811fae4eae86760714c562e684fb45d13

    • SHA256

      5a73ccf59df445c45587cd17e214f8d9e35ec8a55afae999d30ac0790f2a273d

    • SHA512

      263f3f4d7f58757eec5b12f79029224b60d0f39ba5b7760db812910356824e5b120342b29965959fedb72916b520a60a288c589912945980b0211565ee355870

    • SSDEEP

      6144:HwuvuOAYOuWAk7wfDubbwFOk5TcHgnCykO3qbETAOFH+S6T1nwXeS3wYOKbOhHm1:HwHOZOuAwAwFOjHgAO3qJOFHswfwYOmT

    Score
    1/10
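The SSDEEP values above are worth a second look: the ISO's 12288-block signature contains long runs of the 12288-block (second) chunks of scabs/jug.db and scabs/z.txt, because the fuzzy hash of a container inherits chunks from the files packed inside it, while scabs/roars.jpg (block size 1536) is too far apart in block size for ssdeep to compare at all. The following Python is an added example, not the sandbox's code, that parses the report's ssdeep strings and reports the longest signature run shared at a comparable block size. It reproduces only ssdeep's block-size alignment and common-substring rule, not the full edit-distance score; the 7-character threshold is ssdeep's minimum match window (libfuzzy's ROLLING_WINDOW), used here only as a yes/no test.

```python
# ssdeep refuses to score a pair unless the two signatures share a run of at
# least 7 characters (libfuzzy's ROLLING_WINDOW). Assumption: this helper uses
# that as a yes/no threshold and reports the raw run length, not the 0-100 score.
MIN_MATCH = 7

# SSDEEP values copied from the report above.
REPORT_SSDEEP = {
    "document_09-22_invoice_8339_unpaid.iso":
        "12288:0iaxP58X2ikP7U1AVMp3j+NwHOZOuAwAwFOjHgAO3qJOFHswfwYOmOhHm:"
        "0H22ikPg1A6pT+yQAwAwgHgtqAHswfw6",
    "scabs/jug.db":
        "6144:hiaIMPl3fdywZzWsIRhcY2EmQ77BkP7+sPI1AFT:hiaxP58X2ikP7U1A1",
    "scabs/roars.jpg":
        "1536:tml7z09MuHOCgBrofUB6kitzwhhzEbK+rddFpuQzOqPrR9AbCZ+5Gw:"
        "aRu2Cs8nz6ibKaddFpyqzRmU+53",
    "scabs/z.txt":
        "6144:HwuvuOAYOuWAk7wfDubbwFOk5TcHgnCykO3qbETAOFH+S6T1nwXeS3wYOKbOhHm1:"
        "HwHOZOuAwAwFOjHgAO3qJOFHswfwYOmT",
}


def parse_ssdeep(sig):
    """'blocksize:chunk:double_chunk' -> (int, str, str). The second chunk is
    computed at twice the block size; that is what allows cross-size comparison."""
    bs, c1, c2 = sig.split(":", 2)
    return int(bs), c1, c2


def longest_common_run(a, b):
    """Length of the longest substring present in both a and b (simple DP)."""
    best = 0
    prev = [0] * (len(b) + 1)
    for ca in a:
        cur = [0] * (len(b) + 1)
        for j, cb in enumerate(b, 1):
            if ca == cb:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best:
                    best = cur[j]
        prev = cur
    return best


def ssdeep_overlap(sig_a, sig_b):
    """Longest run shared at a comparable block size; 0 when the block sizes
    differ by more than a factor of two, which ssdeep does not compare."""
    bs_a, a1, a2 = parse_ssdeep(sig_a)
    bs_b, b1, b2 = parse_ssdeep(sig_b)
    if bs_a == bs_b:
        return max(longest_common_run(a1, b1), longest_common_run(a2, b2))
    if bs_a == 2 * bs_b:   # a's first chunk vs b's double-size chunk
        return longest_common_run(a1, b2)
    if bs_b == 2 * bs_a:
        return longest_common_run(a2, b1)
    return 0


def related(sig_a, sig_b):
    return ssdeep_overlap(sig_a, sig_b) >= MIN_MATCH


def container_overlaps(container="document_09-22_invoice_8339_unpaid.iso"):
    """Map every other file in the report to its longest run shared with the ISO."""
    ref = REPORT_SSDEEP[container]
    return {name: ssdeep_overlap(ref, sig)
            for name, sig in REPORT_SSDEEP.items() if name != container}


if __name__ == "__main__":
    for name, run in container_overlaps().items():
        print(f"{name:42s} shared run={run:2d} related={run >= MIN_MATCH}")
```

The ISO shares a 15-character run with jug.db and a 30-character run with z.txt, so both files are visibly its contents; jug.db and z.txt share nothing with each other, which is what you expect of two unrelated files that merely live in the same image. The practical point is that a fuzzy hash of the delivery container is a weak pivot: cluster on the hashes of the dropped payload instead.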

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery

    T1082 (count: 4)

Tasks