icedid | 512b17c540c622e90879c8f382013187f6053a858381364367c258639b34b21e | Triage

Resubmissions

23-06-2021 14:18

210623-fa6mx24cr2 10

08-06-2021 15:18

210608-pctrrzna4n 10

Sharing

General

Target

core.zip
Size

349KB
Sample

210623-fa6mx24cr2
MD5

d86fa85a9902573abc91b7bc80c96e1c
SHA1

1202c844cf83f8605380e6b5754b619a7de3a67a
SHA256

512b17c540c622e90879c8f382013187f6053a858381364367c258639b34b21e
SHA512

05d6becba206748c1d4440ce5766e5265a2d8f0746e858b61d314b390bd5ad8e1d5be94c0bbfd3b4b84ae5cd6e3ae4ac63e084379dea824731a6431ce4a77be5

Score

10^/10

icedid 987543880 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

987543880

C2

fimlubindu.top

vindurualeg.top

bigcostarikas.top

extrimefigim.top

Attributes

auth_var
8
url_path
/news/

Targets

- Target
  
  core/cmd.bat
- Size
  
  188B
- MD5
  
  18922a31adfef9144b9c68694a211b48
- SHA1
  
  1e63fbb6511e15ba07f555c11b2a05d63e49b5a3
- SHA256
  
  68867aec1fd8a6eb416081c747705e847de95c033f5b38eb57ea575c69397210
- SHA512
  
  573349edbae1baf769457402c65670b9d76facec7c056010a7b2a556d433d9176418cd4a2a39dd04654c3c4216019d27d47e15a6c1fd4f4fdcc57d5f98664a4a
Score

10^/10

icedid 987543880 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  core/genre-64.dat
- Size
  
  48KB
- MD5
  
  1a90ea27cf944e04b70ca2f3c92ab6d9
- SHA1
  
  3cdb8c31496d5de43fcd627077f98a5548a22627
- SHA256
  
  039a59bfb6b07872a7bba707045f9639d029c2009b4c4297af1526cdaa07d479
- SHA512
  
  a41b590e5b2b1bcf1c6e5db066b74eec41e29976a2193e2bffc0f96571888e86f44197e813dd78f8814e752b70466e18622c27ea050ed954b2bf639157fac535
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid987543880bankertrojan

behavioral2

icedid987543880bankertrojan

behavioral3

behavioral4