icedid | ebd821b85532d1e09858188467ec143c62a463098d2eaeb3e613ecbce8b18d6a | Triage

Resubmissions

22-02-2022 16:13

220222-tpe9macaaq 10

15-12-2021 15:13

211215-slsj4sagcq 10

Sharing

General

Target

file
Size

364KB
Sample

220222-tpe9macaaq
MD5

db05230db9651455d995473b3c3f5ab0
SHA1

062de19e01e584b96803366a1fe6d6daee6d6044
SHA256

ebd821b85532d1e09858188467ec143c62a463098d2eaeb3e613ecbce8b18d6a
SHA512

e80f4c3331b58e2f9416218311043c701b213ef1c039f2066e96088a536c3abfd13dea07d6cb8b0df7398e43b6df57f58e077275c732464fcfd806957cb0c90d

Score

10^/10

icedid 3026272684 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3026272684

C2

hashingold.top

asperuguz.store

loppidoaster.site

ndmarkrepo.top

Attributes

auth_var
1
url_path
/posts/

Targets

- Target
  
  core.bat
- Size
  
  188B
- MD5
  
  a1550b458ee5d98525dbdb544cb3a183
- SHA1
  
  a0672371da258190c2b4bc6aade702ee8db4a23c
- SHA256
  
  933793ba688465b30736a07fc9505a49c0a0053d88dc96ad8d5aa3e29a8768de
- SHA512
  
  91422eafa8072bd02d3ea371cfd0bd6570151f9eb9506649c3fd38175652be63921e0c6f125dd66771e66125b014a2cff3bdac63f40a33ab284dff81ed0ab061
Score

10^/10

icedid 3026272684 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  relief-x64.dat
- Size
  
  105KB
- MD5
  
  dbec0bf5739233a2af8cf9af4621e73d
- SHA1
  
  5ddd2bb7a174e41fd7737233a58592c2b2ae95bc
- SHA256
  
  951e4775d53ac6f4df5aad53d9638ce1b896508bcd6159c118ddc418a296e7e4
- SHA512
  
  c0e29ed237538e35b69ea80d61ca9610c155d7c66489bff937e4e2fb941b042f5ed0974404cc73c795ac9e2e21f8f87bbda25885f07db92e2e4381e1ed24b777
Score

10^/10

icedid 3026272684 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3026272684bankertrojan

behavioral2

icedid3026272684bankertrojan

behavioral3

icedid3026272684bankertrojan

behavioral4

icedid3026272684bankertrojan