icedid | 1938b54b768ab26cfd65aa00e9735c25eac7406a0ac7e2974bd02e88ee1ba9fc | Triage

Resubmissions

22-02-2022 16:12

220222-tnl1saahc8 10

06-01-2022 15:26

220106-svf8fabda6 10

Sharing

General

Target

file
Size

358KB
Sample

220222-tnl1saahc8
MD5

bd8af147d6064ecfa09408be0bb84621
SHA1

c69fd2f99a0a6f50a458801b30a0d203745bd4e8
SHA256

1938b54b768ab26cfd65aa00e9735c25eac7406a0ac7e2974bd02e88ee1ba9fc
SHA512

dea53d29b1254f6615fb77db73dc30274997907a67e3b32e8e325e291ff170e16159b70b941442a50c8b82b531eefe3382bd8b889d561da69ce251504e23ce7d

Score

10^/10

icedid 4103365356 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

4103365356

C2

upperdown.eu

upperdown.in

landofrayz.com

Attributes

auth_var
16
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  180B
- MD5
  
  92ab94157586e3937dcfd7aaa380a7fb
- SHA1
  
  74a326efc3c891877a8d2657d8a2fe3e37f059f7
- SHA256
  
  dc74ad702adf3a1d49a4070915ffbd1b445c8f0ecfa42357a74380e34793f61d
- SHA512
  
  44a54970a090f43c9dfa1865a0df0d5513cf3836d656f57a4c54d53847d8ada7e71265b53422ab7acbe1781a45742d8bbaa256cc275b514cbd773850cfadb77f
Score

10^/10

icedid 4103365356 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  surge-.dat
- Size
  
  56KB
- MD5
  
  33dfe81be311fa8ef57484233cc41048
- SHA1
  
  2add3138807dce2a3d2cb840b100746e76188455
- SHA256
  
  537e72101559c3aac83c6618840241fbfbc93ee3fca306c52b4436a0558fc5e4
- SHA512
  
  b3029ff6e0480dea8efc043b1ce54c7d1461755d198a9fc83163b860515ff9f4f0d243c64dfec68d4ea5487395bfb79fe0ca80b68bcc099e40f64847eee8fe09
Score

10^/10

icedid 4103365356 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid4103365356bankertrojan

behavioral2

icedid4103365356bankertrojan

behavioral3

icedid4103365356bankertrojan

behavioral4

icedid4103365356bankertrojan