icedid | 35cf99defbc5978a4eb7e217347e1393b25243bd526d9e9b853e0709ed972188 | Triage

Resubmissions

22-02-2022 16:13

220222-tpgsfsahe9 10

15-12-2021 13:39

211215-qxxl4aaeck 10

Sharing

General

Target

file
Size

365KB
Sample

220222-tpgsfsahe9
MD5

8150d8231ad7d9ae4eb24f4e98b9e4a5
SHA1

6e0077ac865cfa5e41b2375b934d3ae5a6a6a6e3
SHA256

35cf99defbc5978a4eb7e217347e1393b25243bd526d9e9b853e0709ed972188
SHA512

9d64ace17c56f0a968636f0335bcc34e972cf9ef918341dc24c5ef472c2b4e40ecccea6a90fdad78a065cbb816a1bcbc68ba70330e0f3a8aad193f51cff028ad

Score

10^/10

icedid 1892568649 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

biglaneat.com

northspaceline.co

Attributes

auth_var
11
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  186B
- MD5
  
  156f24e8e6407e9fa4d30e3f46763332
- SHA1
  
  17aa3a4b1cc8b9f3acf3568a474fff6a8058c76c
- SHA256
  
  25988a356548ea8dc87518cc26bf0a3603f415bd46f3f5e9a62cfccae94c3a54
- SHA512
  
  33449c32a50126afe21d61ce8d21a701a1afaed8eae8306d8db72c5930677e04a01f361fb38b013bbbecb2e0c5fd7fd49a7ae478192ef83ec45e91e42961b0e5
Score

10^/10

icedid 1892568649 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  future_64.dat
- Size
  
  113KB
- MD5
  
  e7317be4cdc343ccb724bede45bfee1b
- SHA1
  
  1cc27c2b4321c8c92f8be36dcdcbfec6d46e6ea2
- SHA256
  
  32a660a70c9e0893d820dc8d9bc89b4e419d45e7874127de58443aa22a423631
- SHA512
  
  ea486b98a75e4b6e565a80333612a02e822d916d0c1be03559253299c4e162215da4e17f2fb84ff5f124bf9e1a469da828e2465b69553c66c0b7f2c358faca2f
Score

10^/10

icedid 1892568649 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid1892568649bankertrojan

behavioral2

icedid1892568649bankertrojan

behavioral3

icedid1892568649bankertrojan

behavioral4

icedid1892568649bankertrojan