icedid | 8e5bdda89c8ce1942f5e2292f97dbcbcd6ac54f09d24d74a4bd67355eb46e669 | Triage

Sharing

General

Target

file
Size

357KB
Sample

220129-rjaqvaccg2
MD5

83f6d682c1fa3d9d54a0c8cd0ad64712
SHA1

4bf9f2efa93d05111d0a8865776174c0c8c64513
SHA256

8e5bdda89c8ce1942f5e2292f97dbcbcd6ac54f09d24d74a4bd67355eb46e669
SHA512

5257862e16b2b6711277db70b84d8936a3c56b7e3281f3a6f8e0f02b425495cb7b7b4d6e014631b7eb97447754a854cb28cf29c40020b33fae9a361c9e24bd9c

Score

10^/10

icedid 3415411565 banker collection spyware stealer trojan

Malware Config

Extracted

Family

icedid

Botnet

3415411565

C2

antnosience.com

seaskysafe.com

Attributes

auth_var
1
url_path
/news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  44c632173b60e370595d1079183a06c0
- SHA1
  
  64cb76c484c6afa3585aea4a1ba68239d3d13584
- SHA256
  
  1590cfe165f4f1791fa0b2cfb969d9841effa3183c7c7c4207b0bb201674183c
- SHA512
  
  d4d1bf870a52658e91e1af57149e4ca53b9fda4b49145b8b67721fa9774d5c05a92b4b420e349177a96fad6b18b612620aaec401f9e383fb545467e5b4bd9330
Score

10^/10

icedid 3415411565 banker trojan collection spyware stealer
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  unit-x64.dat
- Size
  
  165KB
- MD5
  
  0d82711ad2aa1c1f368044d5354ebe0c
- SHA1
  
  b583791d4a9b0555bcacfc96cb0a1fdc68a8a120
- SHA256
  
  4ea68de6023502f381034d45795cdfb8eb9d0cd19b8d4b94922075e004d78da7
- SHA512
  
  7ae015a8ea5c3116a607bb6aa7a525b6d08c916102f3da555efbccacdcfa67d88444447a8b4fb4f2648e7de4c9e11334e99326b581f1820cabf034d3f0373703
Score

10^/10

icedid 3415411565 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3415411565bankertrojan

behavioral2

icedid3415411565bankercollectionspywarestealertrojan

behavioral3

icedid3415411565bankertrojan

behavioral4

icedid3415411565bankertrojan