icedid | f912ee20165f3614737cdcd77ae247dfb77121a8d715093aadb140013ae3d3e2 | Triage

Resubmissions

22-02-2022 16:12

220222-tnw6rabhhr 10

24-12-2021 12:15

211224-pfdxzsdacl 10

Sharing

General

Target

file
Size

514KB
Sample

220222-tnw6rabhhr
MD5

d50b6395e0365eeb17c8defd05d26253
SHA1

884ea3df85a98c9ebfaae97cffd7bd1370558d32
SHA256

f912ee20165f3614737cdcd77ae247dfb77121a8d715093aadb140013ae3d3e2
SHA512

f6652854627ffdef8a16b5dbd300d45cac1904008af8f480c215e8b5ae546528b4ff841a62e6862544a1516383c5aa210f967a8eee82660479f05aaa3e0e4593

Score

10^/10

icedid 4221486031 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

4221486031

C2

xijsry.com

zanokiryq.com

Attributes

auth_var
1
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  1f350f17e933b7d03611705057e962d4
- SHA1
  
  68136a6626e5223739b901c1ea266647a3ceebe3
- SHA256
  
  ee5bdfc8e7b378355cb631a30e636371ea03f9d2bf15138984734ebe76e7788d
- SHA512
  
  4982fab76ad7a72b2b0de62733afbdda6934769bc0578d6ac6607e7d62493d78dd2310e1a2f43b4fa87d895e1a3c7bf7bc147df904af53cd238927f8e3e7e3b1
Score

10^/10

icedid 4221486031 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  master64.tmp
- Size
  
  347KB
- MD5
  
  4619b03a812a34ba515c8974d9b28b0a
- SHA1
  
  951f68e693cb1b5bf519324a073ea3ddc8de7e13
- SHA256
  
  1b7680e6a4c0d5e9e3af6cea0aaf74d4960dfcd27b4ed2d7597a89a6346ca67e
- SHA512
  
  816bdf9841db323f5290cc65a446b99d9b19fa4bdbc37305c9a93e200b72a298f03446cf5c61e928b12f5134f20fd5d6713cb158565adf452ec97665886f6298
Score

10^/10

icedid 4221486031 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid4221486031bankertrojan

behavioral2

icedid4221486031bankertrojan

behavioral3

icedid4221486031bankertrojan

behavioral4

icedid4221486031bankertrojan