icedid | bb1d00c11b7972de37cfecbb71b8d5055ccd6d812f730560b72604c6b6493b0a | Triage

Resubmissions

22-02-2022 16:12

220222-tnvmxsahd5 10

29-12-2021 12:44

211229-pyrxkadddm 10

Sharing

General

Target

file
Size

415KB
Sample

220222-tnvmxsahd5
MD5

50446566008e4a67b6269552a32a4f1e
SHA1

daa3fea7d0b15011e8292ea2876e1d7e305f8115
SHA256

bb1d00c11b7972de37cfecbb71b8d5055ccd6d812f730560b72604c6b6493b0a
SHA512

f680642ceb9c56507c1a5e544be4817751904824cbc1d79a7b6f02638ddbcd6624a38eecb02868a792a2a32895459c1f1c2df52dff9b57d47b0e9ab34f26dfe8

Score

10^/10

icedid 4221486031 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

4221486031

C2

xijsry.com

zanokiryq.com

gladmitter.com

Attributes

auth_var
2
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  190B
- MD5
  
  d07bd20c9332a664281324d4d5f24192
- SHA1
  
  6ddd6d5963dae32b01e7da32f2584063abe7e081
- SHA256
  
  0fe8f22ad821a9c728388607edfc1ae4248d1d3899bdc76660e76adcbdca6f79
- SHA512
  
  aa018d93c8b5cbe4c1726903f6a93f5eed7c2f92dc744ef5435fbc2a423c4c61ca2e2526a835f9fd17cfdff8ac17a97b895df1203857a13bd0bbdb2653f72958
Score

10^/10

icedid 4221486031 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  hundred-x64.tmp
- Size
  
  155KB
- MD5
  
  2b5854b1aad15a543efdbf3dc956bc4c
- SHA1
  
  a197d83131619dc4aac605dd2795d4c6beb2cab7
- SHA256
  
  a386a65396aaaea3b07159f8e5510be29368bb733219848c3ea1c8c8205e839e
- SHA512
  
  fb9c4c1dac6e01cccb4b54066382ec53a9c1171c9ed5b348abeacea6b583facc199ae52a24bf4a8345b4745524891f8f1e567524525a22df18d2933825d76430
Score

10^/10

icedid 4221486031 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid4221486031bankertrojan

behavioral2

icedid4221486031bankertrojan

behavioral3

icedid4221486031bankertrojan

behavioral4

icedid4221486031bankertrojan