General

  • Target

    statement[2023.10.11_08-07].vbs

  • Size

    1012KB

  • Sample

    231011-3pz4gaea93

  • MD5

    c2ed082344dfcd3ef0a19785d7f19bda

  • SHA1

    68e4dccdf926a417d88bd3e17e6d3b93d58f0401

  • SHA256

    b8c26e94d120e5193d02e67b46313427744398e3654c9c0f43b6e517d89013b4

  • SHA512

    e5af5beee7ace860051bfed14f58e8052284e3f51eaa8a8de668b75b37b9459bb4573b22e14caa2c8e207f0ed762ab66a38d1c8d36c225c824b4117caba435f1

  • SSDEEP

    6144:dpMZ7yVsu6JErWErEb1ZcaE+oCZowQlroOdqHvwt5hi4IrOU3RqULOSPOmTLGnkF:3AE+JoGP65hQJRmk0ckVu

Malware Config

Extracted

  • Family

    icedid

  • Campaign

    361893872

Targets

    • Target

      statement[2023.10.11_08-07].vbs

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a modular banking trojan that steals credentials and is widely used as a loader for follow-on payloads.

    • Blocklisted process makes network request

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check so the payload only runs in targeted regions.

    • Loads dropped DLL
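The three behavioural signatures above (a registry lookup of the configured country code, a blocklisted script host making a network request, and a DLL loaded from a dropped location) are the ones a detection engineer would want to correlate per process on the endpoint. The block below is an added Python example by the editor, not Hatching Triage's signature logic and not code from the sample: it walks sandbox-style process events, flags each signature, and combines them into a verdict. The event schema, the registry key fragments, the blocklisted host list, the drop directories and the sample trace are all assumptions constructed for illustration.

```python
"""Correlate sandbox-style behavioural events into the three signatures the
report lists for this IcedID loader. Editor-added example; the schema, key
paths, host list and sample events are assumptions, not the report's data."""

# ASSUMPTION: registry paths a geofence check reads (matched case-insensitively).
# The report only says "country code configured in the registry".
GEO_KEY_FRAGMENTS = (
    r"\control panel\international\geo",     # HKCU ...\Geo\Nation holds the GeoID
    r"\control panel\international\locale",  # user locale
    r"\control\nls\language",                # HKLM ...\Nls\Language\Default
)

# ASSUMPTION: script hosts / LOLBins a sandbox would "blocklist" for network use.
BLOCKLISTED_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe",
                     "rundll32.exe", "regsvr32.exe"}

# ASSUMPTION: user-writable directories a .vbs dropper can write to unelevated.
DROP_DIRS = (r"\appdata\local\temp", r"\appdata\roaming",
             r"\programdata", r"\users\public")


def _geo_lookup(ev):
    key = ev.get("key", "").lower()
    return ev["type"] == "registry_read" and any(f in key for f in GEO_KEY_FRAGMENTS)


def _blocklisted_net(ev):
    return ev["type"] == "net_connect" and ev["image"].lower() in BLOCKLISTED_HOSTS


def _dropped_dll(ev):
    path = ev.get("path", "").lower()
    return (ev["type"] == "image_load" and path.endswith(".dll")
            and any(d in path for d in DROP_DIRS))


SIGNATURES = (
    ("checks_location", _geo_lookup),
    ("blocklisted_network", _blocklisted_net),
    ("loads_dropped_dll", _dropped_dll),
)


def correlate(events):
    """Group events by pid -> {"image", "signatures": set, "evidence": list}."""
    out = {}
    for ev in events:
        rec = out.setdefault(ev["pid"], {"image": ev["image"],
                                         "signatures": set(), "evidence": []})
        for name, pred in SIGNATURES:
            if pred(ev):
                rec["signatures"].add(name)
                rec["evidence"].append(
                    (name, ev.get("key") or ev.get("dst") or ev.get("path")))
    return out


def verdict(findings, min_hits=2):
    """PIDs showing at least min_hits distinct signatures, most suspicious first.
    A single geofence read is common in benign software, hence the default of 2."""
    return sorted((pid for pid, r in findings.items()
                   if len(r["signatures"]) >= min_hits),
                  key=lambda pid: (-len(findings[pid]["signatures"]), pid))


# Constructed sample trace (NOT from the report): a .vbs run by wscript.exe that
# reads the GeoID, beacons out and loads a DLL it dropped to %TEMP%, alongside a
# benign explorer.exe that only reads the locale and talks to the network.
SAMPLE_EVENTS = [
    {"pid": 1812, "image": "wscript.exe", "type": "registry_read",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 1812, "image": "wscript.exe", "type": "net_connect",
     "dst": "203.0.113.10:443"},
    {"pid": 1812, "image": "wscript.exe", "type": "image_load",
     "path": r"C:\Users\user\AppData\Local\Temp\update.dll"},
    {"pid": 2204, "image": "explorer.exe", "type": "registry_read",
     "key": r"HKCU\Control Panel\International\Locale"},
    {"pid": 2204, "image": "explorer.exe", "type": "net_connect",
     "dst": "198.51.100.5:80"},
]

if __name__ == "__main__":
    findings = correlate(SAMPLE_EVENTS)
    for pid in verdict(findings):
        print(pid, findings[pid]["image"], sorted(findings[pid]["signatures"]),
              findings[pid]["evidence"])
```

Requiring two distinct signatures before raising a verdict is the point of the correlation: on its own, a read of the locale or GeoID key is routine for legitimate software (the constructed explorer.exe process trips it too), but the same script host also beaconing and loading a DLL from a user-writable path is the pattern the report's three signatures describe together.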
