icedid | e95d92772e18190dbde834744c74aa2ab7fda3b01e1ca839fabb8a4285b4e148 | Triage

Submit
Reports

Overview

overview

Static

static

e95d92772e...48.exe

windows7_x64

e95d92772e...48.exe

windows10_x64

Resubmissions

10-05-2021 11:09

210510-cdf8nml7an 10

Sharing

General

Target

e95d92772e18190dbde834744c74aa2ab7fda3b01e1ca839fabb8a4285b4e148
Size

1.6MB
Sample

210510-cdf8nml7an
MD5

16a11f50f6925fca61040f2e0a834b89
SHA1

4179ea5b096750082e177dddedf3a46f1576ef91
SHA256

e95d92772e18190dbde834744c74aa2ab7fda3b01e1ca839fabb8a4285b4e148
SHA512

309b46e3e09e77a96a3ecc06a06a62fc7111e15383aefb8eed8c9be11c700774749d55f6dd7e2fb172bc74525a52c888e9aac6c49b217e4a0bc3b247676a075c

Score

10^/10

icedid redline 687839456 banker discovery infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

e95d92772e18190dbde834744c74aa2ab7fda3b01e1ca839fabb8a4285b4e148.exe

Resource

win7v20210410

icedid redline 687839456 banker discovery infostealer spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e95d92772e18190dbde834744c74aa2ab7fda3b01e1ca839fabb8a4285b4e148.exe

Resource

win10v20210408

icedid redline 687839456 banker discovery infostealer spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

C2

zastaredan.xyz:80

Extracted

Family

icedid

Campaign

687839456

C2

icouldmakeyoubelieve.top

Targets

- Target
  
  e95d92772e18190dbde834744c74aa2ab7fda3b01e1ca839fabb8a4285b4e148
- Size
  
  1.6MB
- MD5
  
  16a11f50f6925fca61040f2e0a834b89
- SHA1
  
  4179ea5b096750082e177dddedf3a46f1576ef91
- SHA256
  
  e95d92772e18190dbde834744c74aa2ab7fda3b01e1ca839fabb8a4285b4e148
- SHA512
  
  309b46e3e09e77a96a3ecc06a06a62fc7111e15383aefb8eed8c9be11c700774749d55f6dd7e2fb172bc74525a52c888e9aac6c49b217e4a0bc3b247676a075c
Score

10^/10

icedid redline 687839456 banker discovery infostealer spyware stealer trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

BITS Jobs

Privilege Escalation

Defense Evasion

BITS Jobs

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedidredline687839456bankerdiscoveryinfostealerspywarestealertrojan

behavioral2

icedidredline687839456bankerdiscoveryinfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy