icedid | 210b39ce21262cd43ce68ebf8b0163f8149dba50cd1a2c6997e0b810592fd9d0 | Triage

Sharing

General

Target

file
Size

410KB
Sample

211202-phqpkagafk
MD5

1ffe53381040ba466789ae51f6ae95de
SHA1

1f2ce8f745ad03fd6e506203631a2d2fdd47a046
SHA256

210b39ce21262cd43ce68ebf8b0163f8149dba50cd1a2c6997e0b810592fd9d0
SHA512

08ad20681c648f7161a62ae2a89a66808dddcdbeb06dc853b3bb053166df2c85a8e2c19d1cd291303b2e2cdda35f8b405ca017b5f22adb0b9291320e043b47e8

Score

10^/10

icedid 1892568649 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1892568649

C2

normyils.com

Targets

- Target
  
  core.bat
- Size
  
  186B
- MD5
  
  cd7a0b405869b98028d7ede99337938b
- SHA1
  
  bea9faf1d948b6e98d162b244ee27deac433005a
- SHA256
  
  56ac6b71c2d627d4513098b463a090799ec29c481c004c14d77c2f4e4b30eb77
- SHA512
  
  8706014489aef497ec8061c7742d83f80ca4ae184e46ee9e8d8314e3c346c458a2f286204b1fcf0ac8249e27b13725988b4ccbe82ab8e032fe36b42c902e8c74
Score

10^/10

icedid 1892568649 banker suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  unveilx64.tmp
- Size
  
  266KB
- MD5
  
  3ae61ec5765cc564636444ef50074090
- SHA1
  
  ad6cda28825457fa1768aaec6bb4971214cc5508
- SHA256
  
  2c2552940a660ce57eb5527be40f4f139dbf862306cf08c90743a9f22d2cb15e
- SHA512
  
  28d374770b8099d7e25473a88fbd06cc44b1f03cf818504d643b1fe5951bb9761630dde9691bfc5d2fbaf56368fa4010d7b5108d1d8148d20cc712555cee6464
Score

10^/10

icedid 1892568649 banker trojan suricata
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1892568649bankersuricatatrojan

behavioral2

icedid1892568649bankersuricatatrojan

behavioral3

icedid1892568649bankertrojan

behavioral4

icedid1892568649bankersuricatatrojan