icedid | 854714aa6bb0d8bd26a5c7ffbc3bcb394c828fdaa169711656e8349979e8b404 | Triage

Submit
Reports

Overview

overview

Static

static

sizeTitleVariable.hta

windows7_x64

sizeTitleVariable.hta

windows10_x64

Sharing

General

Target

sizeTitleVariable.hta
Size

3KB
Sample

210505-9r8r3j9xxn
MD5

89839109321fbc3a3fe65e7ac7a2d04d
SHA1

70d35025dc06c3cfaae47b0ce3cd4883531afca2
SHA256

854714aa6bb0d8bd26a5c7ffbc3bcb394c828fdaa169711656e8349979e8b404
SHA512

2f6a6567b2743575b594f1f06382aed996b7d19aca0946a5828bdf294a6c4ed8e04703eba61344a4a99e0110ba2190d0ae2d1e06cc6eced79cbd565e0f0df740

Score

10^/10

icedid 1386562008 banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

sizeTitleVariable.hta

Resource

win7v20210408

icedid 1386562008 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

sizeTitleVariable.hta

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

icedid

Campaign

1386562008

C2

zasertiokil.top

Targets

- Target
  
  sizeTitleVariable.hta
- Size
  
  3KB
- MD5
  
  89839109321fbc3a3fe65e7ac7a2d04d
- SHA1
  
  70d35025dc06c3cfaae47b0ce3cd4883531afca2
- SHA256
  
  854714aa6bb0d8bd26a5c7ffbc3bcb394c828fdaa169711656e8349979e8b404
- SHA512
  
  2f6a6567b2743575b594f1f06382aed996b7d19aca0946a5828bdf294a6c4ed8e04703eba61344a4a99e0110ba2190d0ae2d1e06cc6eced79cbd565e0f0df740
Score

10^/10

icedid 1386562008 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1386562008bankertrojan

behavioral2

© 2018-2024

Terms | Privacy