Overview

overview

10

Static

static

3

inv.iso

windows10-2004-x64

3

out.iso

windows10-2004-x64

1

Unpaid_order-.lnk

windows10-2004-x64

3

also/by.gif

windows10-2004-x64

1

also/get.txt

windows10-2004-x64

1

also/like.dll

windows10-2004-x64

10

also/on.gif

windows10-2004-x64

1

also/there.gif

windows10-2004-x64

1

also/what.gif

windows10-2004-x64

1

also/worker.cmd

windows10-2004-x64

1

also/worker.js

windows10-2004-x64

1

Resubmissions

05-02-2024 11:12

240205-na8dzagdbq 10

05-02-2024 11:04

240205-m6lpeaebc9 3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    inv.iso

  • Size

    526KB

  • Sample

    240205-na8dzagdbq

  • MD5

    b0ea13990301f024fb3fbf1ca8bbaf4d

  • SHA1

    a3a81e04e129c1de8cef7dc883916a1f5021658b

  • SHA256

    71b5dc8fec75d1efb17f4738129efd2b47fef5c3442d3993239c0ac8c29d533c

  • SHA512

    86a03a0a0bc9c1f5f3e19763f0a136d7c92e12507f06c7e5909e759389fb9d5625569514a466d73f9e3e65ebb187f83811e589224bc4b0c720b1cdeca05cede5

  • SSDEEP

    6144:/S5kfebzXgBXKlDcWHamQlDFlDvUmVlDTBQdBbqPBzKbCOd2slDHOshCTlcZn1Pu:/S5kdzBQ8ogPxiBqL0hOTPxSQKHEqiZ

Score
10/10
icedid2745070743bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

2745070743

C2

cootembrast.com

Targets

    • Target

      inv.iso

    • Size

      526KB

    • MD5

      b0ea13990301f024fb3fbf1ca8bbaf4d

    • SHA1

      a3a81e04e129c1de8cef7dc883916a1f5021658b

    • SHA256

      71b5dc8fec75d1efb17f4738129efd2b47fef5c3442d3993239c0ac8c29d533c

    • SHA512

      86a03a0a0bc9c1f5f3e19763f0a136d7c92e12507f06c7e5909e759389fb9d5625569514a466d73f9e3e65ebb187f83811e589224bc4b0c720b1cdeca05cede5

    • SSDEEP

      6144:/S5kfebzXgBXKlDcWHamQlDFlDvUmVlDTBQdBbqPBzKbCOd2slDHOshCTlcZn1Pu:/S5kdzBQ8ogPxiBqL0hOTPxSQKHEqiZ

    Score
    3/10
    behavioral1

    • Target

      out.iso

    • Size

      526KB

    • MD5

      b0ea13990301f024fb3fbf1ca8bbaf4d

    • SHA1

      a3a81e04e129c1de8cef7dc883916a1f5021658b

    • SHA256

      71b5dc8fec75d1efb17f4738129efd2b47fef5c3442d3993239c0ac8c29d533c

    • SHA512

      86a03a0a0bc9c1f5f3e19763f0a136d7c92e12507f06c7e5909e759389fb9d5625569514a466d73f9e3e65ebb187f83811e589224bc4b0c720b1cdeca05cede5

    • SSDEEP

      6144:/S5kfebzXgBXKlDcWHamQlDFlDvUmVlDTBQdBbqPBzKbCOd2slDHOshCTlcZn1Pu:/S5kdzBQ8ogPxiBqL0hOTPxSQKHEqiZ

    Score
    1/10
    behavioral2

    • Target

      Unpaid_order-.lnk

    • Size

      1KB

    • MD5

      fa364a1cf654186f48204e6bdf456b63

    • SHA1

      b50d418398b1b5fbb248bcd063fbad18174f8f7a

    • SHA256

      d9a8ff6e4302ed79d0e6c9bafb7e4adf7ff9b30ae6fedbffadb5061f6642658d

    • SHA512

      c03bd180d034f8ccfb41114298f8b565781cdb4d009710fa60da04e5ef0bd6142998938503dc72afb7c6f87aa0809cac477c74d5d6b76e43dd9782923b2abf3b

    Score
    3/10
    behavioral3

    • Target

      also/by.gif

    • Size

      36KB

    • MD5

      08832f70f70051af1e333f55a5831177

    • SHA1

      f92d02387b8ea01ee8774b7478a9d2edf2241d30

    • SHA256

      9cff2120eaada1e3f78dedc8441dd521374bde472df998ed533793d6b9f45cf7

    • SHA512

      fc54b981f385fa42fabcb5df5646eda33e3d453713fe01efc16d7d11aae3f2067f207f0434d52993b59c8c7156dec595ea19b0611784b3f8018283da793d1b9b

    • SSDEEP

      768:RzipGJ3GzIq30tin+SNo5svSzqjWAC4Wu0/brIT:0QUtEtin+SNMJuTWt/gT

    Score
    1/10
    behavioral4

    • Target

      also/get.txt

    • Size

      242KB

    • MD5

      8de30ee3be338f27921eb8cfa5b95571

    • SHA1

      d1b58eb5aab93a49c0ced3701e2b1bbc540e63d1

    • SHA256

      b8aaf33cb48aa39a41700384f9dee291ceadfed830bed67dca7488f558a23957

    • SHA512

      a87177315c68a1b0947f3aa1db422fac6ed399838d7b5b91997bf6c8ae435fcf43500ac39642fa3da36a718891b4fc0a722e081b2c6d606d6fe20dacb1207e93

    • SSDEEP

      6144:3ebzXgBXKlDcWHamQlDFlDvUmVlDTBQdBbqPBzKbCOd2slDHOshCTlcZns:FzBQ8ogPxis

    Score
    1/10
    behavioral5

    • Target

      also/like.dat

    • Size

      102KB

    • MD5

      70ca4fdb88ee6c19ca5c2fd9ad190991

    • SHA1

      b25460176e51cbac31c3265aa812cd74c33af9f6

    • SHA256

      1c66b9a445e00b352652452d5a328a9290f295f59d5047c31d9e79afbc73a340

    • SHA512

      f89d507a417be50d9251df99e766b28036fa00f7671772645e9cd07455ed1a450a7fd6692a6d18e0cfa8bacb08c1ccc305ee60c7c97eb8a543fe4923a6535ae0

    • SSDEEP

      1536:ZpYpbLoPFd6rqUU6f5fKiPojZvHLvDIOwZs2uJsR8LbvvtdHD+K9qI2qfiY:ZQo+pKiPqLDIhv2L+Izfr

    Score
    10/10
    icedid2745070743bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid
    behavioral6

    • Target

      also/on.gif

    • Size

      30KB

    • MD5

      6e7488150b4f46f9544604cb0a2d075b

    • SHA1

      7f0e90950211125a40f18ef87f9c708161bf382d

    • SHA256

      4fb89bdfe31b76ef1862a4a75b62227f7a25b505610b6455f56425b1ddf6d5b7

    • SHA512

      f7a1fb2c1082ce154dd9828e9732574114c2bfe833da9c81bcc603977d11c2a996c9f85400a58dab3706a82ca5fc06d74ad5008cf41f77420da9eb51d7baf07e

    • SSDEEP

      768:xZVLAgjXFlEndSJ4Oa72reCzkLSLUa8xQyFnnWe:xvfDFMdSJpaireCzkLSYNxQy57

    Score
    1/10
    behavioral7

    • Target

      also/there.gif

    • Size

      19KB

    • MD5

      55d8018603e642fb5082e472d8860fef

    • SHA1

      d45d8626dbda480efd3329c1755519ecb983ccf1

    • SHA256

      9b10ddd47a7b1d4bfe0c59cd040b4cec491f54dc4803ed8a5ae1a1fb6fc84d69

    • SHA512

      92d08800a6cd42546c18b09e52e4c00c327209a7130e717e5ea5f0fe268abe92b709b3d9293fd8f7cee649dc05c4013f091ecb04a0a6bd9186856e0fc682f261

    • SSDEEP

      384:4KGWO0wA1447cxSJm6MqEAhGTZJB7VMX9Dn6UnnKuNfmjG:M0w0Z4SoDTZVOLnnrEjG

    Score
    1/10
    behavioral8

    • Target

      also/what.gif

    • Size

      28KB

    • MD5

      2fba2991550314b7e0f0444857ceafce

    • SHA1

      3bd82e03b9188f4739fe9e9274e10c8a7a9a9351

    • SHA256

      e66882ebcfd63a958d1c1d09eae886b7985a0161acea748e7336822eebc2d7d6

    • SHA512

      ffaacde655bb5aec56bc79848d365e3e760f03325304fe2cbefd6e9b9008b963e07ad88c94b9be03d457053275dcaeaa2163e521ff12f69c4e3cee6efa8ebe6c

    • SSDEEP

      768:S/4MmAmbY+9pGCI/l24zvbtCDSAv6pPwO+fZgM1yMNqLemXr:S/MnWCI/l24zztCDSAv6pPsf0demXr

    Score
    1/10
    behavioral9

    • Target

      also/worker.cmd

    • Size

      37B

    • MD5

      ca31d778ae1348c5303a41eb7aff7db2

    • SHA1

      42b5026ebf8f06b7feb7afc25e3d2a3feb9786b7

    • SHA256

      7807d8a39d8eff1f69a77220ac2105a5149c19fb5d0a8673f3cf1e127b7b43ee

    • SHA512

      cc7b3498d6e442cf18ac52a27c11d868f11e4bc90b2b8243c2feeee8f9e135c9f5c6a1de746a96dc470ed8bde21afe51bd712a96ee34cf0e7da891a2057c4581

    Score
    1/10
    behavioral10

    • Target

      also/worker.js

    • Size

      596B

    • MD5

      b831d812278417ea694d047196ebd48f

    • SHA1

      19a115e555e0377f408b53a3fefe473110ad784b

    • SHA256

      f86e32aa7f4792678a29f9cebee103afc9461991a6e49580263c7620295b1928

    • SHA512

      082c4b6e0b0b462571daedc10e4404f96acc0eca2cf623f2741f591819fabd652955e2a45bbf007c71d666eec09c2c5080073dfb05b3a5accdc5cc4892aa23ec

    Score
    1/10
    behavioral11

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

4
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks