icedid | 81e1fa45f636b33fd145267c44ee8c157208c24ad88a1c1d6d7f4d8c1c18bee3 | Triage

Sharing

General

Target

core.zip
Size

360KB
Sample

210525-dxl1sawnra
MD5

c6c2f13a01744d79ee96015f1011d1d1
SHA1

417fa3329ed0289e49b5582b344db5f1354dd4b1
SHA256

81e1fa45f636b33fd145267c44ee8c157208c24ad88a1c1d6d7f4d8c1c18bee3
SHA512

4701a857f6ac915187ce08b821b6ab996f3b56f9418cb9ec92fa69af91844f05a498d3cf4f816f9f8f936ef56cdb6832bcf370fe4abe8ad87f818227b32aaede

Score

10^/10

icedid 987543880 banker spyware stealer trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

987543880

C2

fimlubindu.top

vindurualeg.top

esaquell.website

extrimefigim.top

Attributes

url_path
/news/

Targets

- Target
  
  core/cmd.bat
- Size
  
  188B
- MD5
  
  79b6a4cecfb4fde6a71711fa4f73f380
- SHA1
  
  6f53e66f1c6dbe62849b9c36a48cd7c642de7d97
- SHA256
  
  8bbbeff5c9130e3d9a960cfb248f25afd2edb8e44c8f6f48b710156fbffa1370
- SHA512
  
  0bc26075a5c4858709fa957abe12e6bb62e263f9a90ec1eb6c90b53f3b3a5a6a27cde679819944b0aef9939f1106373add4041a8141ae5ae9d22ef0d91ea4db1
Score

10^/10

icedid 987543880 banker spyware stealer trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid987543880bankerspywarestealertrojan

behavioral2

icedid987543880bankertrojan