icedid | 33fd2f2b2053150f21129807c381d38874c7622d207a8d036782db82cc61455b | Triage

Resubmissions

09-12-2021 17:57

211209-wj1dqaeedq 10

06-12-2021 09:45

211206-lrasxsgeh3 3

22-11-2021 13:35

211122-qvrytsfehq 3

Sharing

General

Target

2.exe
Size

177KB
Sample

211209-wj1dqaeedq
MD5

20478d2d2b86e6c8c9da84af39fd652b
SHA1

f9c926efee370218d0d82dd75e703f46355e6018
SHA256

33fd2f2b2053150f21129807c381d38874c7622d207a8d036782db82cc61455b
SHA512

a348e4d5245b6aff3242f02f66415874a6380fa26740ed18ff2e995a87a386acc2e93182066abc3d6e7dc253909ed79099db70209ca38f779adb7fe67c78b613

Score

10^/10

icedid 862604275 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

862604275

C2

nchestothe.ink

Targets

- Target
  
  2.exe
- Size
  
  177KB
- MD5
  
  20478d2d2b86e6c8c9da84af39fd652b
- SHA1
  
  f9c926efee370218d0d82dd75e703f46355e6018
- SHA256
  
  33fd2f2b2053150f21129807c381d38874c7622d207a8d036782db82cc61455b
- SHA512
  
  a348e4d5245b6aff3242f02f66415874a6380fa26740ed18ff2e995a87a386acc2e93182066abc3d6e7dc253909ed79099db70209ca38f779adb7fe67c78b613
Score

10^/10

icedid 862604275 banker suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid862604275bankersuricatatrojan

behavioral2

icedid862604275bankersuricatatrojan