Resubmissions

  • 04/08/2023, 02:06    230804-cjk49aab2t    10
  • 04/08/2023, 02:05    230804-ch1hjsha28    3

General

  • Target: d.dll
  • Size: 527KB
  • Sample: 230804-cjk49aab2t
  • MD5: 60f8d1993043c054e0ddb91e11fc184f
  • SHA1: 80d274ff4278baff08418d48c647c8c0604db3ab
  • SHA256: 09a537a7c4bed33cfb33ae7d7b5360b52e6c1396a893b67b5e71acc28e3f74c2
  • SHA512: 007d9ed82a9cb612882afa70f9482d078f7612e913fd6f4b351307b37c5eaaededaf5b1a2aa1ba0a2ebc48888a475b168b5ea2ad3ef1c35a883daf8ece9f795b
  • SSDEEP: 12288:jymcE1WefvUdDpWcc/9scDp6MGuXxGSthFLEXCRF3MK:e6fvUdDp0/9sY6MGuFoCRF3MK

Malware Config

Extracted

  • Family: icedid
  • Campaign: 43832328
  • C2: ospertoolsbo.com

Targets

  • Target: d.dll
  • Size: 527KB

  • IcedID, BokBot: IcedID is a banking trojan capable of stealing credentials.
  • Modifies Installed Components in the registry
  • Drops file in System32 directory
