icedid | 1869b01be54906afad08381c3e9cf6eda44d368befb2db881eb12a92b4eae882 | Triage

Resubmissions

22-02-2022 16:12

220222-tnz8eaahd8 10

21-12-2021 18:36

211221-w83kdafbdq 10

Sharing

General

Target

file
Size

389KB
Sample

220222-tnz8eaahd8
MD5

e0a1fefd8949d5e6e81f76eaf79ddf15
SHA1

a9cff9465aaed9651a211237c6c8358146e8f209
SHA256

1869b01be54906afad08381c3e9cf6eda44d368befb2db881eb12a92b4eae882
SHA512

11e2b40fa7ae0fc3ce0ab5d45654fdf6a282ebaea846029e525b46db50ba99153a094ba80eb3b7235c40841cb47cf70bad3520cbe0d173db2d0639f5bef0bffe

Score

10^/10

icedid 1892568649 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

biglaneat.com

northspaceline.co

Attributes

auth_var
11
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  186B
- MD5
  
  df0fb1bba8b591ef1a391c96453b02c3
- SHA1
  
  81570776a0d9aea2c3d37bfe9ff949e7d83eca75
- SHA256
  
  8c8c0977b4751c69bf957a64e21f7f657007ee092c2a62999d8541c95c0b7022
- SHA512
  
  a406301acd43039d3b7de8a878a0a5d52d3b6e065b5900a8357958fe3f5d638b61d085f7e610b13a73af062df1b56948e87c8ae0e660b317917ddadd7863fa6d
Score

10^/10

icedid 1892568649 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  master-32.tmp
- Size
  
  111KB
- MD5
  
  b5f6cf31669b934da14ffa6fddf5dd3e
- SHA1
  
  a09b486da87cf834b57dfe955605d6cc7a8df0f1
- SHA256
  
  a32eae0d939f077c13c8f96e59e7c03fc3256f17992b11fcf7df81041fa156ee
- SHA512
  
  3bef955dcb84029859955af1bb0b9c6b68371306367a628c110076d747373e6ead51f84fa9191d5ceac4c2c7e217c2d462df1e539411ab41bb4181d8662f63bd
Score

10^/10

icedid 1892568649 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid1892568649bankertrojan

behavioral2

icedid1892568649bankertrojan

behavioral3

icedid1892568649bankertrojan

behavioral4

icedid1892568649bankertrojan