icedid | 24a1b1d73bc7639ef34f94cce3f9fc1ed39559ecb0d6105a5274bd9678146784 | Triage

Resubmissions

22-02-2022 16:13

220222-tn4ktsahe3 10

21-12-2021 12:40

211221-pwmj3addg6 10

Sharing

General

Target

file
Size

389KB
Sample

220222-tn4ktsahe3
MD5

35986123891b2a7d55c7f048de148ae6
SHA1

ab1609ee99bcc348fb3566e4e5517c777e958334
SHA256

24a1b1d73bc7639ef34f94cce3f9fc1ed39559ecb0d6105a5274bd9678146784
SHA512

d0687477c10c1d2ddfaa70a1f16c954e62cfa075ae5123040fc550ed28a2b2dad9ef4f1e7308a5bdee96a25aa25e2451a559e1b93da3eea7cb399602b49a6539

Score

10^/10

icedid 1892568649 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

biglaneat.com

northspaceline.co

Attributes

auth_var
11
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  188B
- MD5
  
  eb6e65f882f3dc966ca138a234ea4f97
- SHA1
  
  4b1f5a826682a807fc0d8172d82529853f5934a5
- SHA256
  
  9a362e257a3da6ab0d465bc694c8573382d16c43a5273a0db445972127b729a8
- SHA512
  
  5a91fd7591b278b7647ffa31c2681f605098f32cd6ec9700f47d3b8bb944479993c7bca8f2ab4dcc217e76837273de58198d17b0c72b17257d410e867c277ede
Score

10^/10

icedid 1892568649 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  critic-x32.dat
- Size
  
  111KB
- MD5
  
  b5f6cf31669b934da14ffa6fddf5dd3e
- SHA1
  
  a09b486da87cf834b57dfe955605d6cc7a8df0f1
- SHA256
  
  a32eae0d939f077c13c8f96e59e7c03fc3256f17992b11fcf7df81041fa156ee
- SHA512
  
  3bef955dcb84029859955af1bb0b9c6b68371306367a628c110076d747373e6ead51f84fa9191d5ceac4c2c7e217c2d462df1e539411ab41bb4181d8662f63bd
Score

10^/10

icedid 1892568649 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid1892568649bankertrojan

behavioral2

icedid1892568649bankertrojan

behavioral3

icedid1892568649bankertrojan

behavioral4

icedid1892568649bankertrojan