icedid | 0ef7f2b1ab7ad7e4c3124a981dc4f0ca9bcbbc2194573ae5d678df65fd24c69a | Triage

Sharing

General

Target

879523aa42d9276f72f17f450468a0ab.virus
Size

28KB
Sample

211112-wlgdmaahgn
MD5

879523aa42d9276f72f17f450468a0ab
SHA1

f772c2bf9c24ca62750f69cf6ac605179be85622
SHA256

0ef7f2b1ab7ad7e4c3124a981dc4f0ca9bcbbc2194573ae5d678df65fd24c69a
SHA512

8be1594e6e5f2eb3ad65c61f8d0f9775c287dd4889f778517dd46f432a404626f00b81b82c687ace028576632f9abb4fa94244f7f755e077a4eaa112ff611fde

Score

10^/10

icedid 949083261 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

949083261

C2

kitchenbiggy.best

Extracted

Family

icedid

Campaign

949083261

Targets

- Target
  
  879523aa42d9276f72f17f450468a0ab.virus
- Size
  
  28KB
- MD5
  
  879523aa42d9276f72f17f450468a0ab
- SHA1
  
  f772c2bf9c24ca62750f69cf6ac605179be85622
- SHA256
  
  0ef7f2b1ab7ad7e4c3124a981dc4f0ca9bcbbc2194573ae5d678df65fd24c69a
- SHA512
  
  8be1594e6e5f2eb3ad65c61f8d0f9775c287dd4889f778517dd46f432a404626f00b81b82c687ace028576632f9abb4fa94244f7f755e077a4eaa112ff611fde
Score

10^/10

icedid 949083261 banker suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- suricata: ET MALWARE Win32/IcedID Requesting Encoded Binary M4
  suricata: ET MALWARE Win32/IcedID Requesting Encoded Binary M4
  suricata
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

loader949083261icedid

behavioral1

icedid949083261bankersuricatatrojan

behavioral2

icedid949083261bankersuricatatrojan