icedid | 575f021bea9fcfc56c949fa31a99c169e1d7fda97d323f31a47085542ecb8636 | Triage

Sharing

General

Target

file
Size

380KB
Sample

211124-2hecrahae4
MD5

06634df65d6057b040a9e57622a40840
SHA1

7ccc520c0817ba32c5aeb4fa4014c40edb3954a1
SHA256

575f021bea9fcfc56c949fa31a99c169e1d7fda97d323f31a47085542ecb8636
SHA512

c31aba38da64b332bd46d399cb997a7f54ce35fe10873c29e51c6f93e106f0af85fd17d031bc0c6e94b384232c242dbad53db1afb1ccf379861777a2572630d8

Score

10^/10

icedid 1217670233 banker collection spyware stealer trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

1217670233

C2

lakogrefop.rest

hangetilin.top

follytresh.co

roadswendy.top

Attributes

auth_var
17
url_path
/posts/

Targets

- Target
  
  core.bat
- Size
  
  188B
- MD5
  
  c60fcda7f2ccfaa8586b34e15a9a891a
- SHA1
  
  cd1900e98d96d059c55e050b424819359e4d6b3d
- SHA256
  
  f5499decd56ff563a4a54d7bdf89b866fd1013faf0f13eb1b6489fa162a65b8f
- SHA512
  
  57a996066e3a1fff7a3da1a9890dcce6b04bcad00f3bc92bf14612866ba60c170335ae6d81ca75a24cc6ea8d692794aceec80b2794a67cb8b67c54436c4e08d7
Score

10^/10

icedid 1217670233 banker collection spyware stealer trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  donate-x32.dat
- Size
  
  67KB
- MD5
  
  06c6f61d2c16cb465767692e5e7b332d
- SHA1
  
  713bacf4f6689471c5a41662120264c73a79446c
- SHA256
  
  83f97f8f87237deba89ef2b16218f28f22cf36f2674d2d4f2f2af4faffe4c8df
- SHA512
  
  7044ae7f8393c95529225f734d61c112aa1a0a1ab0d1d491478a2a1ea44fa24b13b120578f9da41ea4040f476b7207340196273b84679f2df71411e5351d9c97
Score

10^/10

icedid 1217670233 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1217670233bankercollectionspywarestealertrojan

behavioral2

icedid1217670233bankercollectionspywarestealertrojan

behavioral3

icedid1217670233bankertrojan

behavioral4

icedid1217670233bankertrojan