General

  • Target

    5bab2bc0843f9d5124b39f80e12ad6d1f02416b0340d7cfec8cf7b14cd4385bf_JC.vbs

  • Size

    1012KB

  • Sample

    231012-s48daahc6v

  • MD5

    4ff5625e6bd063811ec393b315d2c714

  • SHA1

    42b188e2e015a72accc50fcbde2d2c81f5258d0b

  • SHA256

    5bab2bc0843f9d5124b39f80e12ad6d1f02416b0340d7cfec8cf7b14cd4385bf

  • SHA512

    f74317199b5c4a45750e1b1e2a4216b51fb8f68dc9634638fa14ebd2c5d32f70d5f0f0172d587c5ab669d0a75e198063e3613a8070d3a8f3d7391d4f406d6053

  • SSDEEP

    6144:ahBT1O3Ok0FID+bbGALk9kJmtZYvz20FAyEJdHLyhS3Vdhka8rccTXCOQS7YPWGc:RALgObHuyozlr5VZl5h1NY

Malware Config

Extracted

Family

icedid

Campaign

361893872

Targets

    • Target

      5bab2bc0843f9d5124b39f80e12ad6d1f02416b0340d7cfec8cf7b14cd4385bf_JC.vbs

    • Size

      1012KB

    • MD5

      4ff5625e6bd063811ec393b315d2c714

    • SHA1

      42b188e2e015a72accc50fcbde2d2c81f5258d0b

    • SHA256

      5bab2bc0843f9d5124b39f80e12ad6d1f02416b0340d7cfec8cf7b14cd4385bf

    • SHA512

      f74317199b5c4a45750e1b1e2a4216b51fb8f68dc9634638fa14ebd2c5d32f70d5f0f0172d587c5ab669d0a75e198063e3613a8070d3a8f3d7391d4f406d6053

    • SSDEEP

      6144:ahBT1O3Ok0FID+bbGALk9kJmtZYvz20FAyEJdHLyhS3Vdhka8rccTXCOQS7YPWGc:RALgObHuyozlr5VZl5h1NY

    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload proceeds.

    • Loads dropped DLL
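To make the three behavioural signatures above concrete, the following is an added example (not Triage's own signature code and not the real trace of this sample) that re-implements them as rules over a constructed sandbox-style API trace. The event schema (`op`, `image`, `path`, `dst`), the blocklisted-process set and the treatment of `Control Panel\International` values as the geofence lookup are assumptions made for the example; only the registry location of the Windows GeoID under `Control Panel\International\Geo\Nation` is a documented Windows fact.

```python
"""Toy re-implementation of the behavioural signatures raised on this sample,
run over a constructed API trace.  Added example only: the event schema, the
process blocklist and the dropped-file heuristics are assumptions, not
Triage's rules, and the trace below is invented for illustration."""
import json
import ntpath
from collections import defaultdict

# Script hosts / LOLBins a "blocklisted process" rule would watch (assumed list).
BLOCKLISTED_PROCESSES = {"wscript.exe", "cscript.exe", "mshta.exe",
                         "powershell.exe", "rundll32.exe", "regsvr32.exe"}

# Registry values that reveal the configured country/region.  Geo\Nation holds
# the user's GeoID; Locale / LocaleName are the user locale settings.
GEO_VALUE_SUFFIXES = (r"\control panel\international\geo\nation",
                      r"\control panel\international\locale",
                      r"\control panel\international\localename")

# Path fragments treated as user-writable "drop" locations (assumed heuristic).
DROP_DIR_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed trace (JSON lines): wscript.exe reads the GeoID, drops a DLL and
# beacons, then rundll32.exe loads the drop.  A browser connection is included
# as a benign control.  None of these values come from the real sample.
SAMPLE_TRACE = r"""
{"pid": 1420, "image": "C:\\Windows\\System32\\wscript.exe", "op": "registry_read", "path": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"pid": 1420, "image": "C:\\Windows\\System32\\wscript.exe", "op": "file_write", "path": "C:\\Users\\user\\AppData\\Local\\Temp\\vrt84.dll"}
{"pid": 1420, "image": "C:\\Windows\\System32\\wscript.exe", "op": "network_connect", "dst": "192.0.2.10:443"}
{"pid": 2044, "image": "C:\\Windows\\System32\\rundll32.exe", "op": "image_load", "path": "C:\\Users\\user\\AppData\\Local\\Temp\\vrt84.dll"}
{"pid": 2044, "image": "C:\\Windows\\System32\\rundll32.exe", "op": "image_load", "path": "C:\\Windows\\System32\\kernel32.dll"}
{"pid": 3100, "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "op": "network_connect", "dst": "192.0.2.20:443"}
"""


def parse_trace(text):
    """Yield one event dict per non-empty JSON line."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def run_signatures(trace_text):
    """Return {signature name: [hit, ...]} for the three behaviours."""
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written earlier in the trace (any pid)
    for ev in parse_trace(trace_text):
        image = ntpath.basename(ev["image"]).lower()
        op = ev["op"]
        path = ev.get("path", "").lower()
        if op == "file_write":
            # Record drops first: a DLL only counts as "dropped" if the trace
            # shows it being written before it is loaded.
            dropped.add(path)
        elif op == "network_connect" and image in BLOCKLISTED_PROCESSES:
            hits["Blocklisted process makes network request"].append(
                {"pid": ev["pid"], "process": image, "dst": ev["dst"]})
        elif op == "registry_read" and path.endswith(GEO_VALUE_SUFFIXES):
            hits["Checks computer location settings"].append(
                {"pid": ev["pid"], "process": image, "value": ev["path"]})
        elif (op == "image_load" and path.endswith(".dll") and path in dropped
              and any(marker in path for marker in DROP_DIR_MARKERS)):
            hits["Loads dropped DLL"].append(
                {"pid": ev["pid"], "process": image, "dll": ev["path"]})
    return dict(hits)


if __name__ == "__main__":
    for name, matches in run_signatures(SAMPLE_TRACE).items():
        print(name)
        for m in matches:
            print("   ", m)
```

The "Loads dropped DLL" rule deliberately requires both that the DLL path was seen in an earlier write and that it sits in a user-writable directory; a load of `kernel32.dll` from `System32` is ignored even though it occurs in the same process, which is the distinction a sandbox signature has to make to avoid flagging every image load.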

MITRE ATT&CK Enterprise v15

Tasks