icedid | bfdc603164ebc394b5438969a56184c34443a14cf05abc5c7c6195793c53c585 | Triage

Resubmissions

22-02-2022 16:12

220222-tnr7ssahd4 10

29-12-2021 16:43

211229-t8h5madfcj 10

Sharing

General

Target

file
Size

418KB
Sample

220222-tnr7ssahd4
MD5

ab48e4e62d4204ebadec58de5d0f4c01
SHA1

43dfbae458de3315498829ba2fe83f08a6889057
SHA256

bfdc603164ebc394b5438969a56184c34443a14cf05abc5c7c6195793c53c585
SHA512

76f9c31e21ac2997b04eb7b6a8331755f2c6b21d52c2a855f28c5ee5dea2f10b440a3d1fb7b8d32ae12ec1596e367975040f8977da7ed9ce8636482e34190493

Score

10^/10

icedid 4221486031 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

4221486031

C2

xijsry.com

zanokiryq.com

gladmitter.com

Attributes

auth_var
2
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  2e953752ab70f418ab9e4696d9b4bdfc
- SHA1
  
  a079b4c52925246ceea4566c3939f4e383c809cb
- SHA256
  
  9af7012c43781e99e421ca53d2b00f52b30f5eb35f436baa21bcbc919cd8ccf1
- SHA512
  
  8faf179ae5505a48650786fac05f7a6f291a787904367aec505f9b5b0ac7de1b123b8a19c243e74fa49edf34d8f6de84d741cf11108d05eb017c6c3afc8a3d9a
Score

10^/10

icedid 4221486031 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  entry-64.tmp
- Size
  
  160KB
- MD5
  
  d6444f52777f52f5a18dfa8d30fe8ce2
- SHA1
  
  68be9b3164b7b7f133bb0242b77e88b04bc03b08
- SHA256
  
  6c358edb2a4ffa59ffcd066960f937db7f95cf646ea2792bc5efbe8b3072dae7
- SHA512
  
  f5d6ee66748d9d51cab0b3e85a451dcaccdbee04eb31e5dcd6f019a3f08b4818134d5c0d41dd2991c152a6292d34e81495d19dbd5eb51da16ecb60def5625179
Score

10^/10

icedid 4221486031 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid4221486031bankertrojan

behavioral2

icedid4221486031bankertrojan

behavioral3

icedid4221486031bankertrojan

behavioral4

icedid4221486031bankertrojan