General

  • Target

    Document_09_13_927.js

  • Size

    43KB

  • Sample

    231014-b3ewxaac5z

  • MD5

    03677c4079fafd6413c5552f3d6da926

  • SHA1

    28f14a816b7fb22630c7d59af9d404f51dab4f69

  • SHA256

    32ee3a4074bff70f212b88233f37f72796982c3e579fcdcc7c773ae5c41ae010

  • SHA512

    debf24ab43ea09c567afe47e5289fad62fb19e7d8d1d6401e466feec1f1da84e3652e06854750e0911cdeead48b7a86bfeb74e440ca43bbda9588162da9875fc

  • SSDEEP

    384:eo/1qDp3h548/pzFhb2uhK2U2yoWmfrL4tuEsSRqQ1SDIJnjOsetOI88s8vr6z1d:/qHLi+lIR6J2kzqpaJfs9

Malware Config

Extracted

Family

icedid

Campaign

1638996626

C2

minutozhart.online

Targets

    • Target

      Document_09_13_927.js

    • Size

      43KB

    • MD5

      03677c4079fafd6413c5552f3d6da926

    • SHA1

      28f14a816b7fb22630c7d59af9d404f51dab4f69

    • SHA256

      32ee3a4074bff70f212b88233f37f72796982c3e579fcdcc7c773ae5c41ae010

    • SHA512

      debf24ab43ea09c567afe47e5289fad62fb19e7d8d1d6401e466feec1f1da84e3652e06854750e0911cdeead48b7a86bfeb74e440ca43bbda9588162da9875fc

    • SSDEEP

      384:eo/1qDp3h548/pzFhb2uhK2U2yoWmfrL4tuEsSRqQ1SDIJnjOsetOI88s8vr6z1d:/qHLi+lIR6J2kzqpaJfs9

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks