Description
IcedID is a banking trojan capable of stealing credentials.
General
Target
Size
Sample
2.exe
177KB
211209-wj1dqaeedq
Score
10/10
MD5
SHA1
SHA256
SHA512
20478d2d2b86e6c8c9da84af39fd652b
f9c926efee370218d0d82dd75e703f46355e6018
33fd2f2b2053150f21129807c381d38874c7622d207a8d036782db82cc61455b
a348e4d5245b6aff3242f02f66415874a6380fa26740ed18ff2e995a87a386acc2e93182066abc3d6e7dc253909ed79099db70209ca38f779adb7fe67c78b613
Malware Config
Extracted
| Family | icedid |
| Campaign | 862604275 |
| C2 |
nchestothe.ink |
Targets
Target
MD5
Filesize
2.exe
20478d2d2b86e6c8c9da84af39fd652b
177KB
Score
10/10
SHA1
SHA256
SHA512
f9c926efee370218d0d82dd75e703f46355e6018
33fd2f2b2053150f21129807c381d38874c7622d207a8d036782db82cc61455b
a348e4d5245b6aff3242f02f66415874a6380fa26740ed18ff2e995a87a386acc2e93182066abc3d6e7dc253909ed79099db70209ca38f779adb7fe67c78b613
Tags
Signatures
-
IcedID, BokBot
-
suricata: ET MALWARE Win32/IcedID Request Cookie
Description
suricata: ET MALWARE Win32/IcedID Request Cookie
Tags
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks
static1
Score
N/A
behavioral1
Score
10/10
behavioral2
Score
10/10