icedid | 15e48916e0b93a31833124bf9229ed65cd8a4194bfd77c1f81fba8ea8de14462 | Triage

Sharing

General

Target

file
Size

380KB
Sample

211118-1h3vnsagh5
MD5

2ee69fa8d438e09843677ddf714b1a74
SHA1

bcb8406af5e6287160406c79f7d257724c265754
SHA256

15e48916e0b93a31833124bf9229ed65cd8a4194bfd77c1f81fba8ea8de14462
SHA512

4e4d008740c01b525df63e49481bb9c15c130c58ed47d08c2eda2d8957863c03e02c6d9f3f07644810355e669dd6a2e161822a4a553ce1915a049ea595e06294

Score

10^/10

icedid 2237127122 banker collection spyware stealer trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

2237127122

C2

lokidasterreno.site

onmentalsocio.top

burgomustopr.rest

lopityr4.pw

Attributes

auth_var
2
url_path
/posts/

Targets

- Target
  
  core.bat
- Size
  
  182B
- MD5
  
  63576ba479ae61e2de46ac073ca881aa
- SHA1
  
  4b6b8bee793ebd7adcd83203592d7864221378aa
- SHA256
  
  754e8df4cf961cbc099177d841f6acbfaf8662142a0e4428e175d27e8d518adf
- SHA512
  
  cd9a0a936a60e746cd429ac292fa803c5a3bfb5d5a3862d3d4c5b798539e9a21c5ddb4205cc6e83de2fb7800dc05275f90cfa9975346b9ab6f4bd3c271e8c884
Score

10^/10

icedid 2237127122 banker collection spyware stealer trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  tankx64.dat
- Size
  
  68KB
- MD5
  
  29780ffeeb8ec97a14cc30b66e59dd48
- SHA1
  
  d12c4fcdd718a5aa6166db868b969481feddd5ec
- SHA256
  
  c9030ecdef873b6a72452bfdbe2ced84e96ba065af335da91bcb75369e945c1a
- SHA512
  
  851f2547bc5ecc672a1510291062b68cbd17245fc4ec76441b5dded99307403c89bd0cb204a901a8b0be09e71bca92e0846f67d58b0d68ee29f7d94aa67c77b1
Score

10^/10

icedid 2237127122 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid2237127122bankercollectionspywarestealertrojan

behavioral2

icedid2237127122bankertrojan

behavioral3

icedid2237127122bankertrojan

behavioral4

icedid2237127122bankertrojan