icedid | 412a340385c3040dfbc50eea3a572f6eea0d659f5eaa6e45bee04827a6749464 | Triage

Sharing

General

Target

file
Size

390KB
Sample

211202-2myl7afed7
MD5

3c67a89ba32f8869d29f60c59dcf3e3b
SHA1

bdb098e18bb3f39d44beaadaf70ec507d2265775
SHA256

412a340385c3040dfbc50eea3a572f6eea0d659f5eaa6e45bee04827a6749464
SHA512

66ccb6fb1ba53c6eacbbc7b909e7e45b99cb4c1d32c830d31d474fae46548854bc773ff636dd1104b112f96cc4491070ca73a94b312f3ef63c9030a4aaa0030c

Score

10^/10

icedid 3412078469 banker collection spyware stealer trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3412078469

C2

billiwilli.top

zasewalli.fun

commerciallim.top

domalipfo.top

Attributes

auth_var
13
url_path
/posts/

Targets

- Target
  
  core.bat
- Size
  
  186B
- MD5
  
  a18217c66f888e9ba03a1850b29948dd
- SHA1
  
  c8c9070b7f95b9c7db163de0132becba1b8345d4
- SHA256
  
  96691d08242d35ab24a0f642d98e121ed9bd03051d4e0465924f0cd6b5e07514
- SHA512
  
  76a8533ab61a7899a86364a259ffc46a73d577fe8a01018f113d1be7b331049dd88243c0afaeeac5c6f37fe70ed678a538e2809631718f4ddfc5010116b54ba4
Score

10^/10

icedid 3412078469 banker collection spyware stealer trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  jacket-32.tmp
- Size
  
  115KB
- MD5
  
  f22f40ff1bc90d3c537f0f3ab2833022
- SHA1
  
  117e3ee27b9b94ef482eb2788dc88a4b5b58ffad
- SHA256
  
  1b3bb00e8340fbed698b4817efc16d3e0232a06a0a40dc4bd247b0dfb4bd5f20
- SHA512
  
  05191e0c7fbea12fed9197174a11c2d8541596788cf93470647250cb238df87e6955fd3b10018d4fa022a42a274b596764365537d4a4761fb5c336368a9be52b
Score

10^/10

icedid 3412078469 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid3412078469bankercollectionspywarestealertrojan

behavioral2

icedid3412078469bankercollectionspywarestealertrojan

behavioral3

icedid3412078469bankertrojan

behavioral4

icedid3412078469bankertrojan