icedid | e4325dc38008522f209690e4689488d3aaa953c39d19294e2810e9d05af0876e | Triage

Resubmissions

22-02-2022 16:11

220222-tnbvtabhgm 10

26-01-2022 01:41

220126-b39fhscchj 10

Sharing

General

Target

file
Size

356KB
Sample

220222-tnbvtabhgm
MD5

75b7f71e8263d4e978c0a2b85e3a9179
SHA1

97e886d13c488f00885d1128bab45e216530f143
SHA256

e4325dc38008522f209690e4689488d3aaa953c39d19294e2810e9d05af0876e
SHA512

10874c5e452c8fa0f2c35d89cde5cdd565415feadcf111a927aa515ade08dd1033ff2899630f80e70c3a6878d4837a01fa62e8754f4fe366dd947793d861bcc1

Score

10^/10

icedid 3560182600 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3560182600

C2

coolbearblunts.com

cooldogblunts.com

Attributes

auth_var
2
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  647548050a9ae6d581be95d02348b740
- SHA1
  
  840c849ae6aea027fc481d239fb8094d13b90683
- SHA256
  
  9f2dc6bd9e193c6da3c9596b3fa62415d50a132ce994840e75461b399287354b
- SHA512
  
  4e9b123380828d6a26294a344188204d8ad67a27d9e6f49146f7f06fa968c230ec0e0e945322eed576eca95c8f011d3b44d1203c66b1d776392fe8f393169475
Score

10^/10

icedid 3560182600 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  hurry-32.dat
- Size
  
  147KB
- MD5
  
  10e431edd6c392b122115b14e0e00075
- SHA1
  
  8f45d7ce82ea7a6e2a1835945d467f592ae2f43c
- SHA256
  
  3ee43f8bddfeed1db349da62db9e27260afedc8717aa999df6d24f91268200d4
- SHA512
  
  9f93e6267dcc00e3aa501852b5a1137e0f9cc29a62f358e57f1dd56872c5fc157ebaad5cf8c9afeb3df0b64ee459112ab2080078706181ae3ecda564f3a79e84
Score

10^/10

icedid 3560182600 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3560182600bankertrojan

behavioral2

icedid3560182600bankertrojan

behavioral3

icedid3560182600bankertrojan

behavioral4

icedid3560182600bankertrojan