icedid | f51d86597b5b4ad8d8f7c13e15e6569927e243bcaf5ad0c7b26abfbb5a689792 | Triage

Sharing

General

Target

core.zip
Size

223KB
Sample

210713-zyw32jb5tn
MD5

6d0a6abc05eae462eedf75ec99f2ec36
SHA1

a73ab78300370c33c26e2f8f679012b85f9686fa
SHA256

f51d86597b5b4ad8d8f7c13e15e6569927e243bcaf5ad0c7b26abfbb5a689792
SHA512

a36de2515674b8b7cc50664dea5a78816aef648fa4881ef394f82d91f911d0fa2ca53f90396f2d577707f8209d268fcc946d860ebbc6e2a764456fa1f9613882

Score

10^/10

icedid 81538452 banker trojan

Malware Config

Extracted

Family

icedid

Botnet

81538452

C2

garrozalibbo.click

disponfirules.top

mislinororv.top

twistcolseza.top

Attributes

auth_var
8
url_path
/news/

Targets

- Target
  
  core/cmd.bat
- Size
  
  185B
- MD5
  
  4bbdb9c9bcebb80825e556fabdde6594
- SHA1
  
  6f445bffc26058aaba8b1e7a18cfd9a54e912543
- SHA256
  
  e74a51c4c4c7c1cda6de165bd18d4eac222e3d0305e49305f30dfdf144afe1e2
- SHA512
  
  49f30deaefcc995f333d0c9b480612f5135c5aeed344df651e87e066ba1b4e88039dfff0425a5f059f09fa42583e79bc94a1526d718fea73f0b32f63b5a00577
Score

10^/10

icedid 81538452 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2
- Target
  
  core/time-.tmp
- Size
  
  158KB
- MD5
  
  33972562e7ef11b95fc2066d0e331b29
- SHA1
  
  da0846c4f24d8cdfd119c457b7893831691716a3
- SHA256
  
  9f65ec5d7b190320d7672b028a8292ad7673b89983b896711b56bf85b6edf35d
- SHA512
  
  c5f0d3430ecc0444887bb2154979343d9ac0268b7d1c4ab324955aa4384fa9f2fcd99539b77cf903d731f95f8fc91b772c313016217c8d567ee8e141095e0e55
Score

10^/10

icedid 81538452 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid81538452bankertrojan

behavioral2

icedid81538452bankertrojan

behavioral3

icedid81538452bankertrojan

behavioral4

icedid81538452bankertrojan