icedid | 11a3c2f9bfa57c07f1a8fd8afe0071f775ccde87e3abdfb5f8f06caf3d18435f | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

11a3c2f9bfa57c07f1a8fd8afe0071f775ccde87e3abdfb5f8f06caf3d18435f
Size

185KB
Sample

211026-t7n99aaadr
MD5

6b3b05d88c27ebec4effcdf9ce592de0
SHA1

e83041739c36aa198acd7dbbea1e64111fb0c38b
SHA256

11a3c2f9bfa57c07f1a8fd8afe0071f775ccde87e3abdfb5f8f06caf3d18435f
SHA512

7abd5037008f5b6245190d5b7eae7c2aee79e7978bb88ba6032fb1d775b79792d3c21bea6d51f5380ec52ce91d1d34e5e127844490767e3e35f2a988e9447fd3

Score

10^/10

icedid smokeloader 1976347518 backdoor banker suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

11a3c2f9bfa57c07f1a8fd8afe0071f775ccde87e3abdfb5f8f06caf3d18435f.exe

Resource

win10-en-20210920

icedid smokeloader 1976347518 backdoor banker suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://brandyjaggers.com/upload/

http://andbal.com/upload/

http://alotofquotes.com/upload/

http://szpnc.cn/upload/

http://uggeboots.com/upload/

http://100klv.com/upload/

http://rapmusic.at/upload/

rc4.i32

rc4.i32

Extracted

Family

icedid

Campaign

1976347518

C2

portedauthenticati.ink

Targets

- Target
  
  11a3c2f9bfa57c07f1a8fd8afe0071f775ccde87e3abdfb5f8f06caf3d18435f
- Size
  
  185KB
- MD5
  
  6b3b05d88c27ebec4effcdf9ce592de0
- SHA1
  
  e83041739c36aa198acd7dbbea1e64111fb0c38b
- SHA256
  
  11a3c2f9bfa57c07f1a8fd8afe0071f775ccde87e3abdfb5f8f06caf3d18435f
- SHA512
  
  7abd5037008f5b6245190d5b7eae7c2aee79e7978bb88ba6032fb1d775b79792d3c21bea6d51f5380ec52ce91d1d34e5e127844490767e3e35f2a988e9447fd3
Score

10^/10

icedid smokeloader 1976347518 backdoor banker suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Drops startup file
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedidsmokeloader1976347518backdoorbankersuricatatrojan

© 2018-2024

Terms | Privacy