icedid | 987c914357dc4fb63cc1b7fa76b7a4ee598ec8fcbec3f52ecf668017061d99e6 | Triage

Resubmissions

22-02-2022 16:10

220222-tmhlzabher 10

22-02-2022 15:50

220222-s98w1abgbn 10

18-02-2022 16:30

220218-tz5bhacfh4 10

Sharing

General

Target

file
Size

682KB
Sample

220222-s98w1abgbn
MD5

bdb7436901544cf6dea91831cee1d362
SHA1

b58316cdf46507ac5b0ed539243ecb8c8d8b9f2b
SHA256

987c914357dc4fb63cc1b7fa76b7a4ee598ec8fcbec3f52ecf668017061d99e6
SHA512

6f610fd1b02ef4d73876fb25981e2c0b5f3f04c032c806f3d21bb0a9886a69d484d54b4fe5fcbc175ea2b301b6c062c446e73dd860bcaff6415e3743be374c0d

Score

10^/10

icedid 3560182600 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3560182600

C2

coolbearblunts.com

cooldogblunts.com

Attributes

auth_var
2
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  03c55a40355cc8cb2c4af585e4a11973
- SHA1
  
  207f004ca7a37ef43dded36dfd4cfa7e301f16f1
- SHA256
  
  e59c7732e2cbb40e8bc74f3fd5a59a578d56322410f42234189939ff33b4f015
- SHA512
  
  a842f632ef1aa91dafa75634a692f55e74097378fd48b7265c39366de656f45441d54822eddd0c66523f3e78c13840adfbc500b9622d7bc74415fac6b1181aa3
Score

10^/10

icedid 3560182600 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3560182600bankertrojan

behavioral2

icedid3560182600bankertrojan