icedid | 4eb2f8ea59796720f540e2507cf48f9b864ee5e19a8746b70c9b3bf78d485476 | Triage

Submit
Reports

Overview

overview

Static

static

1.xll

windows7_x64

7

1.xll

windows10_x64

Sharing

General

Target

1.xll
Size

38.6MB
Sample

211215-rd43haaegm
MD5

796da0af100f24a86410c3a31902dd8e
SHA1

4e4baee5983b63fab9fdaa3fde8007ce3f7bc789
SHA256

4eb2f8ea59796720f540e2507cf48f9b864ee5e19a8746b70c9b3bf78d485476
SHA512

d05d22ed4d8c3259fca6cc7690c2d208ea808d306ba524fa4ab7d83a6da8a5c210fd0c0f42f5dced75a86a53cced62efc9893a469f434906badc7daa3d064d6f

Score

10^/10

icedid 464168897 banker suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

1.xll

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1.xll

Resource

win10-en-20211208

icedid 464168897 banker suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Family

icedid

Campaign

464168897

C2

demicdefinite.ink

Targets

- Target
  
  1.xll
- Size
  
  38.6MB
- MD5
  
  796da0af100f24a86410c3a31902dd8e
- SHA1
  
  4e4baee5983b63fab9fdaa3fde8007ce3f7bc789
- SHA256
  
  4eb2f8ea59796720f540e2507cf48f9b864ee5e19a8746b70c9b3bf78d485476
- SHA512
  
  d05d22ed4d8c3259fca6cc7690c2d208ea808d306ba524fa4ab7d83a6da8a5c210fd0c0f42f5dced75a86a53cced62efc9893a469f434906badc7daa3d064d6f
Score

10^/10

icedid 464168897 banker suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

icedid464168897bankersuricatatrojan

© 2018-2024

Terms | Privacy