icedid | dce759f629e445e004412d7ff1688ff3458d68f844d45f59d7d054551664af16 | Triage

Resubmissions

22-02-2022 16:13

220222-tpdqssahe8 10

22-02-2022 16:13

220222-tpb7zaahe6 10

16-12-2021 11:18

211216-nehzwacaa3 10

16-12-2021 04:08

211216-eql18sbhgk 10

Sharing

General

Target

file
Size

398KB
Sample

220222-tpdqssahe8
MD5

3b8c31f58d129b7dc22d45c94919e5f2
SHA1

3caa756e0c362a4e8c6a062b63a20e974743c07b
SHA256

dce759f629e445e004412d7ff1688ff3458d68f844d45f59d7d054551664af16
SHA512

75ef8029ed981148cf347f6580fe7bd11a5514a6dd0855a0ecb4da8b089c73075ca95543bb0c267405cdaa112f9b1788b00be778356b778a11f8869b73f1dd2a

Score

10^/10

icedid 1677997313 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

1677997313

C2

asrspoe.com

aviospe.com

applesflying.com

badgoodreason.com

Attributes

auth_var
17
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  5bd4250c03a115f6fd370056f069f8d7
- SHA1
  
  9a42391c1b7b096966d8c432ba23aebee2aaeac6
- SHA256
  
  bcd99df71c80e21a9d9698779848be9e8f38f47b89e38792911fdf19720e3f0c
- SHA512
  
  861e2ca7f5a39c2d5c4a0db390769308aea219d20f19cc0f200f63641498fce9b0e7d2b283df2ea741f1a810e4c6f725c0ae64174c43aca47582e894c1a83b6b
Score

10^/10

icedid 1677997313 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  orient32.tmp
- Size
  
  151KB
- MD5
  
  ebfc2ce58d5573a735b40b2302f2de4a
- SHA1
  
  b4eca993956dbb7e785c4a6c0ea4866297219368
- SHA256
  
  e1154b718a8e0213f1c6c447810bb4edaf887906386458d2bd5ca0c73e73ca26
- SHA512
  
  17a5742d349e349bb1c6191954805efe530a11d41863de57fb40a6f992fd5837d8901770219c3a0990f270bc07bbbc1e75f7e3b1fdda8404ad2108f263b906cd
Score

10^/10

icedid 1677997313 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid1677997313bankertrojan

behavioral2

icedid1677997313bankertrojan

behavioral3

icedid1677997313bankertrojan

behavioral4

icedid1677997313bankertrojan