icedid | e903d91fbb20cdc5aa801a6e8e6908c3d5611afb7415942a5b15f2c6871afceb | Triage

Submit
Reports

Overview

overview

Static

static

core/cmd.bat

windows7_x64

core/cmd.bat

windows10-2004_x64

Sharing

General

Target

core.zip
Size

685KB
Sample

220218-vsggjacga7
MD5

22d90a67dd155b186a50e9fcc140c6c2
SHA1

6f5f791e334bfab40f1feef3f99144da969da94e
SHA256

e903d91fbb20cdc5aa801a6e8e6908c3d5611afb7415942a5b15f2c6871afceb
SHA512

1b5defdb5c52f922f79a13a08e13e0499fe9650f246a5e75a9f24fb93fd21b08319ec7df8417036032f0f93887fb68abe8428ab8f262c782bd5c59b074626b8e

Score

10^/10

icedid 3560182600 banker collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

core/cmd.bat

Resource

win7-en-20211208

icedid 3560182600 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

core/cmd.bat

Resource

win10v2004-en-20220112

icedid 3560182600 banker collection spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3560182600

C2

coolbearblunts.com

cooldogblunts.com

Attributes

auth_var
2
url_path
/news/

Targets

- Target
  
  core/cmd.bat
- Size
  
  190B
- MD5
  
  f22a14911b4f160eac74e4df6d950efe
- SHA1
  
  d68827638e8dd21f4da5814979d0c835a6a0fb79
- SHA256
  
  663f8c98f7866d7150385adec8725544d8b95481b6e04a040cf8ff93d5eef50c
- SHA512
  
  d005b35a3d8ec481a562c0439e4b8a4e618cfadb07b6d9ff47ef8ba45466699262e134a7dc69febcbca95e0f3e8b08a66644aebcb3ae1174bce5cec2b61dc864
Score

10^/10

icedid 3560182600 banker trojan collection spyware stealer
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid3560182600bankertrojan

behavioral2

icedid3560182600bankercollectionspywarestealertrojan

© 2018-2024

Terms | Privacy