icedid | 987c914357dc4fb63cc1b7fa76b7a4ee598ec8fcbec3f52ecf668017061d99e6

Resubmissions

22-02-2022 16:10

220222-tmhlzabher 10

22-02-2022 15:50

220222-s98w1abgbn 10

18-02-2022 16:30

220218-tz5bhacfh4 10

Sharing

Copy URL

Twitter E-mail

General

Target

file
Size

682KB
Sample

220218-tz5bhacfh4
MD5

bdb7436901544cf6dea91831cee1d362
SHA1

b58316cdf46507ac5b0ed539243ecb8c8d8b9f2b
SHA256

987c914357dc4fb63cc1b7fa76b7a4ee598ec8fcbec3f52ecf668017061d99e6
SHA512

6f610fd1b02ef4d73876fb25981e2c0b5f3f04c032c806f3d21bb0a9886a69d484d54b4fe5fcbc175ea2b301b6c062c446e73dd860bcaff6415e3743be374c0d

Score

10^/10

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  03c55a40355cc8cb2c4af585e4a11973
- SHA1
  
  207f004ca7a37ef43dded36dfd4cfa7e301f16f1
- SHA256
  
  e59c7732e2cbb40e8bc74f3fd5a59a578d56322410f42234189939ff33b4f015
- SHA512
  
  a842f632ef1aa91dafa75634a692f55e74097378fd48b7265c39366de656f45441d54822eddd0c66523f3e78c13840adfbc500b9622d7bc74415fac6b1181aa3
Score

10^/10

icedid banker collection spyware stealer trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

IcedID, BokBot

Blocklisted process makes network request

Downloads MZ/PE file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2