icedid | 4b4824c1efdfdc0d1b163fbfa5925292849d1cc9cdb9f7e514c5d02235dda08e | Triage

Resubmissions

22-02-2022 16:14

220222-tpmzgacabp 10

13-12-2021 19:31

211213-x8wx9sfccm 10

Sharing

General

Target

file
Size

673KB
Sample

220222-tpmzgacabp
MD5

249be027c999f9c1d439ddcb4835c70b
SHA1

767a131c74d7327cb38acb97a9d89c0ea529ef4c
SHA256

4b4824c1efdfdc0d1b163fbfa5925292849d1cc9cdb9f7e514c5d02235dda08e
SHA512

8a21a52fba285ffad95f38f8b090be5a8da1f3f923ad9e256ed5d38fcfaafff8401c4311181c5f7392d54522d434e3d58d13910c64fe914dcde8cb8d0ba84968

Score

10^/10

icedid 945271051 banker trojan

Malware Config

Extracted

Family

icedid

Botnet

945271051

C2

gudweenten.com

crackeden.com

Attributes

auth_var
2
url_path
/news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core.bat
- Size
  
  186B
- MD5
  
  2e8904456778492446e7a344f08da03a
- SHA1
  
  19fde2da674f8f4c7314efaf3e7c158100861e31
- SHA256
  
  87eddf6b25dcd05c70fa7a348bfd1603dc812a82cd67095c78ccf6240be8f73c
- SHA512
  
  f05fe57f84898c38bcae76533e0123fa5911370228a46f49ad2cc36de0881488856e0fc361749b3b84ac89de63b1c6dae0c6c4813a83ddcca7320743588084b5
Score

10^/10

icedid 945271051 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  impose-32.tmp
- Size
  
  697KB
- MD5
  
  4c98820fca5ad86c88750b06dfbd20f7
- SHA1
  
  3829686d4681859701e391442683731aa39c276f
- SHA256
  
  806f83a4dcf4138c961a9f8f32c2a6f4d75dd9cf7dd2d7505687dfb639761229
- SHA512
  
  ea719057a0d6ebbb7e6b761c5ba53d366b24bf35bd56a03fb988ea8ba0b5ced75a21b75610f3fce3138949f097456e9c6ed103958b4505166cf57247c3d26d84
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid945271051bankertrojan

behavioral2

behavioral3

behavioral4