icedid | 608e75d13e439f0578cd157b7be52cc8718d853ff80746abb7066977efc86be6 | Triage

Resubmissions

22-02-2022 16:11

220222-tm7absbhgj 10

17-02-2022 11:08

220217-m81w4sbah9 10

Sharing

General

Target

file
Size

716KB
Sample

220217-m81w4sbah9
MD5

d11b33842a24e8509f51f4f1277c3b6a
SHA1

d555b0354a8fc2dd6f19f47a9fed0571eec13817
SHA256

608e75d13e439f0578cd157b7be52cc8718d853ff80746abb7066977efc86be6
SHA512

1876391b5bf20f3915d1de46e88a955cc9cda46ff46c2a91b8272564fc82fec5e96e5c3c48fa4ecfbda0782328c15570594a8db62055d4dbe93b80cd7051bee0

Score

10^/10

icedid banker collection spyware stealer trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core.bat
- Size
  
  188B
- MD5
  
  71bf630eea233e549a19dddb5a6b7d03
- SHA1
  
  b93329214e0a9b9ab3af6fc553eb5a5c3601e009
- SHA256
  
  b1614b1134030c9b6f1a2210050697f4f30efd8f5126a6ad735e9ae82ecc6b5b
- SHA512
  
  08ffe8caacfe203e559f6a05cc07d4af603c7d081a18d46fc7c56966f3a2be7122392eef26b518540fa1c9cb43d7b206dd47140addcc2b271081c6332ca5fa46
Score

10^/10

icedid banker collection spyware stealer trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  hockey-x32.tmp
- Size
  
  600KB
- MD5
  
  d57ae8808de642951d1cf73b71d8ea7e
- SHA1
  
  9c5f8487eb32dc317839e6d86e99e4a67511c792
- SHA256
  
  1e343f7a94fdaa070f555e65761c846bd689f64fb8126f42feaf924fa5cea00a
- SHA512
  
  8408f669383eb610f5373eb2e43b9629246f57174018eb34ba7e886251058efa4f85c433dbbc464eeefab9c0ec3fcddb649dc87b806c2a3222e69d580f910919
Score

4^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedidbankercollectionspywarestealertrojan

behavioral2

icedidbankercollectionspywarestealertrojan

behavioral3

behavioral4