
General

  • Target

    fd685d5811578ac189ffc6802615e11c86424765cc231a024e97c03c99f37947_JC.js

  • Size

    34KB

  • Sample

    230901-vb2fdage36

  • MD5

    d38a35de750d0d8628cb073a9a0ad8b2

  • SHA1

    b98af1c8fe2a75060fa25a7eee20c32518271822

  • SHA256

    fd685d5811578ac189ffc6802615e11c86424765cc231a024e97c03c99f37947

  • SHA512

    b7348f060b646efd8e7501ce7a411346b7de95a715b7a1d2294df32c2b4ed425262ef0102af2d72c5f3d0f5f8db2f0feede4f5885a2fa6d48f9c2c9b40cde247

  • SSDEEP

    768:RwRahuDvIhINs1sCT7A797k7a7a7Q7u7F7r7e7I7B7C7D7N7y7o727B7of7y7M76:RwRahBhIN3CTMJ4W+cC5fS0VWnJWk6l5

Malware Config

Extracted

Family

icedid

Campaign

4240553492

C2

oopscokir.com
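The hashes in the General section and the extracted config above are the indicators this report hands an analyst. The Python below is an added example (not tria.ge tooling) that puts them to use: it confirms that a local file really is the reported sample before any conclusion from this page is applied to it, and it scans resolver logs for the C2 domain with a proper suffix match rather than a substring search. The indicator values are copied from this report; the dnsmasq-style log lines and the file bytes are constructed.

```python
import hashlib
import re

# Indicators copied from the report's General and Malware Config sections.
REPORT = {
    "family": "icedid",
    "campaign": "4240553492",
    "c2_domains": {"oopscokir.com"},
    "md5": "d38a35de750d0d8628cb073a9a0ad8b2",
    "sha1": "b98af1c8fe2a75060fa25a7eee20c32518271822",
    "sha256": "fd685d5811578ac189ffc6802615e11c86424765cc231a024e97c03c99f37947",
}


def hash_bytes(data: bytes) -> dict:
    """Digest the file with every algorithm the report lists, so any one can be compared."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data: bytes) -> dict:
    """Per-algorithm result of comparing a local file against the report's hashes.
    Decide on SHA-256; an MD5 or SHA-1 match on its own is weak evidence, since
    collisions are practical for both."""
    digests = hash_bytes(data)
    return {alg: digests[alg] == REPORT[alg] for alg in ("md5", "sha1", "sha256")}


def is_c2_domain(qname: str) -> bool:
    """True for the C2 domain itself or any subdomain of it. Matching on a dot
    boundary avoids the substring false positive 'notoopscokir.com'."""
    host = qname.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in REPORT["c2_domains"])


# dnsmasq query log format: "query[TYPE] NAME from CLIENT".
DNS_QUERY = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<qname>\S+) from (?P<src>\S+)")


def scan_dns_log(lines) -> list:
    """Return (client, queried name) pairs for every query touching the C2 domain."""
    hits = []
    for line in lines:
        m = DNS_QUERY.search(line)
        if m and is_c2_domain(m.group("qname")):
            hits.append((m.group("src"), m.group("qname")))
    return hits


# Constructed log excerpt (not from the report); the third line is a decoy that a
# naive substring match would flag.
SAMPLE_DNS_LOG = [
    "Sep  1 16:52:01 resolver dnsmasq[1234]: query[A] oopscokir.com from 10.0.0.12",
    "Sep  1 16:52:03 resolver dnsmasq[1234]: query[A] www.oopscokir.com from 10.0.0.12",
    "Sep  1 16:52:05 resolver dnsmasq[1234]: query[A] notoopscokir.com from 10.0.0.9",
    "Sep  1 16:52:07 resolver dnsmasq[1234]: query[AAAA] example.com from 10.0.0.9",
]

if __name__ == "__main__":
    for src, name in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{src} queried {name} ({REPORT['family']} campaign {REPORT['campaign']})")
    print(verify_sample(b"constructed placeholder, not the real sample"))
```

Run against real resolver logs, the two 10.0.0.12 hits are the hosts to pull for the JS file and the dropped DLL; the decoy line shows why the suffix check matters before a C2 domain goes into a blocklist or a log search.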

Targets

    • Target

      fd685d5811578ac189ffc6802615e11c86424765cc231a024e97c03c99f37947_JC.js


    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials and is widely used as a loader for follow-on payloads; the JS file analysed here is a downloader stage for it.

    • Downloads MZ/PE file

    • Checks computer location settings

      Reads the country code configured in the registry, most likely a geofence: the loader can refuse to run, or fetch a different payload, outside the regions it targets, so a sandbox configured for an untargeted locale may never reach the later stages.

    • Deletes itself

    • Loads dropped DLL
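"Downloads MZ/PE file" and "Loads dropped DLL" fire because the script fetched an executable image and loaded it. The check behind that kind of classification is shown below as an added Python example (my code, not tria.ge's signature logic): it validates the DOS header, follows e_lfanew to the PE signature and reads the COFF header to tell a DLL from an EXE, whatever name or Content-Type the download arrived under. The header bytes it runs on are constructed with the helper in the block; the real dropped file is not on this page.

```python
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}
# COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
# NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
COFF_HEADER = struct.Struct("<HHIIIHH")


def sniff_pe(data: bytes):
    """Return None unless data starts a PE image; else a dict describing the image.
    Every read is bounds-checked first, so a truncated body or a bogus e_lfanew
    yields None instead of an exception."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 + COFF_HEADER.size > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections, timestamp, _, _, _, characteristics = COFF_HEADER.unpack_from(data, e_lfanew + 4)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsections,
        "timestamp": timestamp,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "is_executable": bool(characteristics & IMAGE_FILE_EXECUTABLE_IMAGE),
    }


def classify_downloads(bodies: dict) -> dict:
    """Map each downloaded body (name -> bytes) to 'dll', 'exe' or 'not-pe',
    ignoring the extension or Content-Type the server claimed."""
    out = {}
    for name, body in bodies.items():
        info = sniff_pe(body)
        out[name] = "not-pe" if info is None else ("dll" if info["is_dll"] else "exe")
    return out


def build_header(machine=0x8664, characteristics=0x2022, timestamp=0x64F1A2B3) -> bytes:
    """Construct a header-only PE (DOS header + signature + COFF header, no sections)
    for testing. It is not a real binary and will not load."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = COFF_HEADER.pack(machine, 0, timestamp, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


# Constructed responses a JS downloader might receive (not from the report);
# "update.gif" is a DLL behind a misleading name, "trunc.bin" is cut off mid-header.
SAMPLE_DOWNLOADS = {
    "update.gif": build_header(),
    "tool.exe": build_header(machine=0x014C, characteristics=0x0102),
    "page.html": b"<html><body>not a PE</body></html>",
    "trunc.bin": build_header()[:0x60],
}

if __name__ == "__main__":
    for name, verdict in classify_downloads(SAMPLE_DOWNLOADS).items():
        print(f"{name}: {verdict}")
```

The DLL flag is what separates this report's "Loads dropped DLL" from a plain EXE drop: a downloaded body classified as "dll" is one that has to be loaded by a host process, so the follow-up question on the endpoint is which process loaded it.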

MITRE ATT&CK Enterprise v15

Tasks