General

  • Target

    Document_08_22_83358.js

  • Size

    32KB

  • Sample

    230822-yn6seage7v

  • MD5

    b94169d7fcf7fb3ce08fa95e4676da37

  • SHA1

    f389244207b1f9804ea386586413c3fb84cb4e21

  • SHA256

    fd6bab35a50fe31eaa9c8ab86e61786c79a7b23dd447610ba1a9617e8267acbd

  • SHA512

    cbb56626ffe274fb4a1df0ead028800201b1910279f9581bd0503db7f42ed85b8b9006961d2f8ed01ea2d847097625f123d1244cea236204ecf28064a7208540

  • SSDEEP

    384:0gjih/zrnbNun0FJBEZyyZHVjv2AgpZyJpszYWk7Pqo5Vze4Cll6aogReLyxcB19:BiAs2ck2UskWe75AVdMt+kj68VrrAhwt

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    4089554921

  • C2

    manderatapple.com

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks