icedid | e9d773366bcb19d4f69a9996c8eab48bdf7fb51097cf1613d8705b9c25dfe263 | Triage

Sharing

General

Target

sentence_x64.dat
Size

83KB
Sample

211125-plz3eaaea3
MD5

10d53f2baf0cc1321090e01201be84ab
SHA1

153931308c62f6104d7c55c5690ed952833af6ac
SHA256

e9d773366bcb19d4f69a9996c8eab48bdf7fb51097cf1613d8705b9c25dfe263
SHA512

435451c84aba99d9b80c304a37e00eadc7bc11c583bc10c6c45e18a37fc223815218b8877cac1db079983b7ce696a03f487bd501bc7e32815e02335995616e00

Score

10^/10

icedid 1217670233 banker persistence trojan

Malware Config

Extracted

Family

icedid

Botnet

1217670233

C2

parkerrsberg.site

2sekillo.pw

subdibermarine.pw

zoplasure.top

Attributes

auth_var
2
url_path
/posts/

Targets

- Target
  
  sentence_x64.dat
- Size
  
  83KB
- MD5
  
  10d53f2baf0cc1321090e01201be84ab
- SHA1
  
  153931308c62f6104d7c55c5690ed952833af6ac
- SHA256
  
  e9d773366bcb19d4f69a9996c8eab48bdf7fb51097cf1613d8705b9c25dfe263
- SHA512
  
  435451c84aba99d9b80c304a37e00eadc7bc11c583bc10c6c45e18a37fc223815218b8877cac1db079983b7ce696a03f487bd501bc7e32815e02335995616e00
Score

10^/10

icedid 1217670233 banker trojan persistence
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Sets service image path in registry
  persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1217670233bankertrojan

behavioral2

icedid1217670233bankerpersistencetrojan

behavioral3

icedid1217670233bankertrojan