icedid | 42c0472e0b339aa985294f023b09df0fcae3c1bdc4760bbd0a39e749a2972df3 | Triage

Sharing

General

Target

file
Size

390KB
Sample

211130-w9ly1sbah8
MD5

01e9c5943cda870d4cc0ce19a1b3499f
SHA1

f9635a6cf58ca012330f77f9acc4fb4c7a80c1ff
SHA256

42c0472e0b339aa985294f023b09df0fcae3c1bdc4760bbd0a39e749a2972df3
SHA512

01df1ee635641237292bfa0acb31b4fd93be36eec1b86ea5c6a79421068ea70ed5e23c3e5cf92d15ae249204445a6427fc29baffefa9d021fbac4ff13197d0ac

Score

10^/10

icedid 1217670233 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

1217670233

C2

lakogrefop.rest

hangetilin.top

follytresh.co

roadswendy.top

Attributes

auth_var
18
url_path
/posts/

Targets

- Target
  
  core.bat
- Size
  
  186B
- MD5
  
  94945bb60fcf9ff32481147e47dfc747
- SHA1
  
  de3857dff6082d22de36c77968167d157a4e1352
- SHA256
  
  dffb0976f376bd528e228b195d5eba41acb3a5a6adf2acf7dc5463d6ff91da6f
- SHA512
  
  1b090a1ceff4fbd41a1a7ab263f40efa6e38db138a9764e60872647eec384676553e391e2d18418dad5d65b611ef374476a8c0de0d9e3b351e0a4619f75b4d28
Score

10^/10

icedid 1217670233 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  middlex64.dat
- Size
  
  119KB
- MD5
  
  e5407acfe1ba6b264851752751bfdfc7
- SHA1
  
  7534d5b6a43064cfd1677091ad39ac7b6099b292
- SHA256
  
  ed4d19d3536e4c968425769edfad39459e7edf3ae7bc0246cc2163f656e85d68
- SHA512
  
  b470f9e2721b008e7fef10069443082f70f04f200dccad3166d3f7252aa98ba9cf7649201651c5e65f33c3e6bdd6ee2279a0500c4bc34aea304513ac442658fd
Score

10^/10

icedid 1217670233 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid1217670233bankertrojan

behavioral2

icedid1217670233bankertrojan

behavioral3

icedid1217670233bankertrojan

behavioral4

icedid1217670233bankertrojan