icedid | adb765a241be6fcab34cc7713fb7dfc60357238979d3a614f1ac24b23ed9f147 | Triage

Resubmissions

05-11-2021 17:23

211105-vx8rkscdc2 10

05-11-2021 17:22

211105-vxp98shfam 10

05-11-2021 15:51

211105-taygnacbg7 10

Sharing

General

Target

core.zip
Size

389KB
Sample

211105-vxp98shfam
MD5

784c1596fdb801ea4932fdea366880f7
SHA1

d60411ea2a461f0f178df0d54b86aa8dd2fb26f1
SHA256

adb765a241be6fcab34cc7713fb7dfc60357238979d3a614f1ac24b23ed9f147
SHA512

7b1bd6397309b91cc563c3857f92ec6b2acfe9ed181ad4eb2b08bbe7d59e7acb2920bdf35c85556c811e6d1c308a4b7b16171be3614fa4e0c9bd7606110bbb20

Score

10^/10

icedid 1217670233 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

1217670233

C2

lakogrefop.rest

hangetilin.top

follytresh.co

novemberprosse.space

Attributes

auth_var
13
url_path
/posts/

Targets

- Target
  
  core/cmd.bat
- Size
  
  191B
- MD5
  
  cbf387299b88a84f4f6a489cb03991fa
- SHA1
  
  82473cfc0772307332792985c7c48e70ace771e0
- SHA256
  
  4b7784db765747109d7b64d3e272ddfc16c876698d778bffec4fd9751d3d246e
- SHA512
  
  21ca0de188fa1f8d90dc68b091ddaa64a4e602e7b2aef7de004d3aff72dd888abcf504b4482bbd7a55d3f62a63a42569362a51f57c867a2551f4640bcd5ec556
Score

10^/10

icedid 1217670233 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2
- Target
  
  core/juice_64.tmp
- Size
  
  183KB
- MD5
  
  04b4919555e2a4917a88ab1333e63faf
- SHA1
  
  54ddab99969c284c87553dcab7c81894571032d8
- SHA256
  
  637a4abd6dfa98a4cd4b6cf9be7a9110e47e5fbd7dede2f4fd6a60a0ab1296cc
- SHA512
  
  e8dc38e248dac1e7e12984f05a85bc6ff3fd8b08589fc5b62fb7b8e8ab92c57550c933e2865bdd7e2be18c8399192b123f981d91728d742b2e4e191bd96721f9
Score

10^/10

icedid 1217670233 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

icedid1217670233bankertrojan

behavioral3

icedid1217670233bankertrojan

behavioral4

icedid1217670233bankertrojan