icedid | 3ff23f059a6349fc8c4db8dbf312aea52438e5eb9c085b30889666fc6f65b0e1 | Triage

Resubmissions

22-02-2022 16:12

220222-tnqzqsbhhm 10

01-01-2022 14:28

220101-rtgbdahga2 10

Sharing

General

Target

file
Size

420KB
Sample

220222-tnqzqsbhhm
MD5

f33f1ea34746fc446526c0a891e21ebc
SHA1

86418be5f019eb7952b3e17b4a9d59af54d56bb0
SHA256

3ff23f059a6349fc8c4db8dbf312aea52438e5eb9c085b30889666fc6f65b0e1
SHA512

de583642f19efb4f293400234ad7ee3580d1e0a5c3ca12f651fd55f203088ddb6057ca3ba9944d92c798035b350c7368bbd8560ada925a3279826039861000ff

Score

10^/10

icedid 2354879232 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

2354879232

C2

gadverjo.com

hevciak.com

reseptors.com

smallbadcity.com

Attributes

auth_var
13
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  cd3bdf58de37eece564f8fba168598d3
- SHA1
  
  244261d4d0087ad54085a336d268dd9e6e8bba04
- SHA256
  
  0aef9f9f7d660d03591f5514445992ace6b01c3986b6864309e0acb90dadc28a
- SHA512
  
  15900093569a86e2d6e46fdf63c3cc28a8dd597c8b32ea04a7e72c45d444dcef6a44c83828b957e1868f9d499939629ad8f3f4412e273fdd8d07b418b40a22bf
Score

10^/10

icedid 2354879232 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  fruit_32.tmp
- Size
  
  164KB
- MD5
  
  515f99d5ed98e5caab7505696cbca2b5
- SHA1
  
  7b2e5f92d2ebb0d70ec1b44584122d5ab7935e7d
- SHA256
  
  8c9e46da57e4edc2353f61c4bfa275c6ec3d277276aa9289214b602d0dece68a
- SHA512
  
  ef1ff438cf0f2728cb9c85dd6850fce5c0c202c80f795370b64482980d81d541abec9c974403796d139ab84d6c2307ddf2952ec531ed4a2975fb107069c942d9
Score

10^/10

icedid 2354879232 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid2354879232bankertrojan

behavioral2

icedid2354879232bankertrojan

behavioral3

icedid2354879232bankertrojan

behavioral4

icedid2354879232bankertrojan