General

  • Target: c1ef40e8ab20ce2ae541a4b2a21de4ccedd94a212d049b39ea392959cecb0106_JC.vbs
  • Size: 1012KB
  • Sample: 231012-xzqpwsaf6s
  • MD5: 76461b5f5b53971ee56faeb25cdcd9af
  • SHA1: cde5434ed5f46e711c9c2a30ce195e3c8cc7d590
  • SHA256: c1ef40e8ab20ce2ae541a4b2a21de4ccedd94a212d049b39ea392959cecb0106
  • SHA512: ac45584da5b4fdc326d642e10ed2328bc804291999ebe7a23bd6ae378389abb42676f6a90f863ae3fef17f783e347dfe74a2eef12ef6e24e002559fb43bdd10f
  • SSDEEP: 6144:HoyDeQWPJ80bynilzMLwDaHhyvHr82Vqx+DBtBukOTWa1s/zGup+9n0Ixpfj3tla:jxTMW74c2BtUhm0ZL9O/jTLb/cXo/

Malware Config

Extracted

Family

icedid

Campaign

361893872

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks