General

  • Target

    93d1e2cb11d3c40ce8f90faf5168e72b2a246688255b12a22c17dba101cf79b3_JC.vbs

  • Size

    1012KB

  • Sample

    231012-tpde2aaf6v

  • MD5

    4c985d2908c33310a62a43655daecd1a

  • SHA1

    9cb3bc3f35e7b3ae8ffd9d65522391b1ee1ca816

  • SHA256

    93d1e2cb11d3c40ce8f90faf5168e72b2a246688255b12a22c17dba101cf79b3

  • SHA512

    d0970cae134b4450ae93cd15bf3a91c277503c9fa7700cd551498a0ccb3e9917508b3c30c218ff3363e19cce58e43594f2261f5aeb686041bb27fe7653cad35f

  • SSDEEP

    6144:WcbBAYe11DSXXc6iD5mhg19cDproukuwHlqwYxTpu36+sFkA390SY1J5kdazfPgo:DK4gV1SAkTxTpsu3uJ2oyAUB/0

Malware Config

Extracted

Family

icedid

Campaign

361893872

Targets

    • Target

      93d1e2cb11d3c40ce8f90faf5168e72b2a246688255b12a22c17dba101cf79b3_JC.vbs

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks