Overview

overview

10

Static

static

1

ASSAILED/HORATIAN.dll

windows7-x64

3

ASSAILED/HORATIAN.dll

windows10-2004-x64

3

ASSAILED/UNFIBBED.cmd

windows7-x64

1

ASSAILED/UNFIBBED.cmd

windows10-2004-x64

1

PHIMOSES.lnk

windows7-x64

10

PHIMOSES.lnk

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INV_Scan_27.IMG

  • Size

    1.1MB

  • Sample

    230420-xg6cmabg35

  • MD5

    d8e59857da4e4f6760a2ce614329093c

  • SHA1

    ea8847b44c946408262a627e742e57d656d2e1c0

  • SHA256

    0879ebf8777d574b944b015cedacef86e779da5738fb43ca6b9d7042346b0e3d

  • SHA512

    e00ad0367726b99da01cb322f2a6263ba5dfcd090538006c0f977601c122bc0201dab2bf5eb25d2604cced248e75b99b7ff65ca0ceb180f9a7a5efdc99a9225b

  • SSDEEP

    24576:q7Vt9qfawrN27U1izzZaRbfp81L/Wm/nd6WrrUU9fQT:2BqfSU14Zadq1L/cWrrHfQ

Score
10/10
icedid1691396905bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

1691396905

C2

plitspiritnox.com

Targets

    • Target

      ASSAILED/HORATIAN.DAT

    • Size

      1.0MB

    • MD5

      a146dac7b641fff2c5c3c0cf320731aa

    • SHA1

      0b21a4b04e79565e26e4236772d4605fc39862e7

    • SHA256

      95ad74c1dff5293c49c955a4e77c17e6912c7b8d1fc8f5f4c6f05ac77a56a9ab

    • SHA512

      9fa32a0d1128c90b27c31080a767b6f5c34638a436c5573af9a990acab2973b7f93116509ffd4519e0a56572d2f1640f8c7dad9310153ca7c06a752ab95f9b19

    • SSDEEP

      24576:x7Vt9qfawrN27U1izzZaRbfp81L/Wm/nd6WrrUU9fQT:1BqfSU14Zadq1L/cWrrHfQ

    Score
    3/10
    behavioral1behavioral2

    • Target

      ASSAILED/UNFIBBED.CMD

    • Size

      483B

    • MD5

      cc1f7cdaa6268958ed451dd0d81b364c

    • SHA1

      652edc691690f87582f334685ba60524d6531d4b

    • SHA256

      53a72331d0a635fcf9b4c1f22228e24819998b07bc53ecce786158581477c756

    • SHA512

      68d50c41fa7fcf36b483cd2a7c4f585899d0e57e0bbe456e92d2efe07c62e042772cf4e5dc980491e4fa33edbca5743fa30b8b8ed42e78c018930254c030b477

    Score
    1/10
    behavioral3behavioral4

    • Target

      PHIMOSES.LNK

    • Size

      1KB

    • MD5

      988655e2dd5ecb85deca83d0e9620970

    • SHA1

      793d8712119e562961e825654b4cb14eefa20278

    • SHA256

      cb4f20b997528e24a619b634247bbb715baee33b7e7b9ed7de9476052708ac21

    • SHA512

      b62dba169a01fdfa18f730d2207077d1ea4d7725b6d52d2a36be4c2ec84b39fb8beaf9d98dbf5b94139ce10a09cd3002879cb1c044a358675620532bd7eb37e1

    Score
    10/10
    icedid1691396905bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks