icedid | ea5b7d75ad746bb3da2710b1f47bc12686d2e0605249e550d37152c3b96a50d4 | Triage

Sharing

General

Target

core.zip
Size

524KB
Sample

210603-a1k4zq8qvn
MD5

6b802d70467b87d604222acaeef96144
SHA1

359989453e07715f90fa1cf03a25be905bf467c9
SHA256

ea5b7d75ad746bb3da2710b1f47bc12686d2e0605249e550d37152c3b96a50d4
SHA512

2c3bb161564b7b7bc42c4248f6f1079c8af6b63d245d3d514a030cea94ab1837c891f81099615f6b474e34d0ef7f5a67aac97ccdcb3df8a9f406538f6a4ae54e

Score

10^/10

icedid 987543880 banker trojan

Malware Config

Extracted

Family

icedid

Botnet

987543880

C2

fimlubindu.top

vindurualeg.top

bigcostarikas.top

extrimefigim.top

Attributes

url_path
/news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core/cmd.bat
- Size
  
  188B
- MD5
  
  aaf3344e0ffd2d793fa2ad9f45619f73
- SHA1
  
  ea2bd028a270c4f0b49a3467fc24d57c4c70a572
- SHA256
  
  c2f4a2de50f7d98fcab5be05497088edc827035d13a8d252d7a0b73027554c24
- SHA512
  
  8284eabe533076569e581d064be88168caed93572d2d242188d0bfc3f357327d61a9520e1a2c727c18776f13f16945432e57246b2410faf70a85b884d86cf65f
Score

10^/10

icedid 987543880 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid987543880bankertrojan

behavioral2

icedid987543880bankertrojan