icedid | 6c5a79a54cb680ed06f1a057facbeb78088e9c28870a96b015856e490b718d10 | Triage

Sharing

General

Target

file
Size

390KB
Sample

211201-p6157sfcc6
MD5

1c7fdb0b5b9d235e494cea58137f3c53
SHA1

0b95828440971694da3ecd0cb10723502897cf53
SHA256

6c5a79a54cb680ed06f1a057facbeb78088e9c28870a96b015856e490b718d10
SHA512

f9a3f3e4efbadcdaed845581b572dc03d6cc12a9a918a3a84223b1862ec76f9b37db8407a10f4c29c13a72f9d3b431f5fae748105ea024e146397bd8fa42499d

Score

10^/10

icedid 1892568649 banker collection spyware stealer trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

Attributes

auth_var
10
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  3d8324a955312a7ffcb44b35919f59c7
- SHA1
  
  9fd77adcf0405680c06963c576e192c58561ca5d
- SHA256
  
  743953ecd93245846c2c8b44b9d6c7c5a7a98cba40631102ed5f77d9189df934
- SHA512
  
  deb56530f203f064e7b8c65ae361185d1c734ba3d542f9e47f33224898e6426c918bf860951f4c6c6a51c56ebf328e7b1067ee9494d97e189ee2adc5890c6fbe
Score

10^/10

icedid 1892568649 banker collection spyware stealer trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  excuse64.dat
- Size
  
  113KB
- MD5
  
  536632a5b6a1cc4b633a4ac6cbbc50d2
- SHA1
  
  2657fbe364ed295c49beece438a9d37c2f0469dd
- SHA256
  
  2e71372399e5856b9905a9ca13815ab6a0ab8925a2f8a0b0831b17e5b55ec0f3
- SHA512
  
  bed289efdb8bfcd68d44d2cb13f0430e6780476a208ada4258f1dacf492c46336da295e4690f2b691793610e124d29bee5444af4aeeaadc9a6e6e094e7d4b87f
Score

10^/10

icedid 1892568649 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1892568649bankercollectionspywarestealertrojan

behavioral2

icedid1892568649bankercollectionspywarestealertrojan

behavioral3

icedid1892568649bankertrojan

behavioral4

icedid1892568649bankertrojan