icedid | b1964a8a4ce0872dc29df756a93bdd59815cc2ddc1d309dc2477e2ea5f34d49f | Triage

Sharing

General

Target

file
Size

394KB
Sample

220224-yle7nsdeg7
MD5

74bce267e25bd85171143ca28344db01
SHA1

dd41521724c7b5dda199b6f7c720485b701d30b4
SHA256

b1964a8a4ce0872dc29df756a93bdd59815cc2ddc1d309dc2477e2ea5f34d49f
SHA512

d03367eb0b40d87389c39bbdab570e2f12dea86cf5a28b53e76599aa092e444809fb2eafc3fea250026d89a6f6141cfea7d981db8db6eff6a82f6156ce1e850e

Score

10^/10

icedid 3078948156 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3078948156

C2

firstdatachannel.art

firstdatachannel.click

Attributes

auth_var
15
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  188B
- MD5
  
  56447286993548dea90eac6192049629
- SHA1
  
  c401c242991a27299072b71396e5b42a33435c4f
- SHA256
  
  3c9cfd4795a1ef24972cce5330abc85d7d85e499876d21fce112d0c98af0b968
- SHA512
  
  e424af0989cbf87375d6376ab791cc83299f81e7df2e84c3d26fded2015b179609aadedb6ee8cf4c3ba6ebcff4d10b050976a4c12e91b0966d89bdd8de54a1f3
Score

10^/10

icedid 3078948156 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  gesture-32.tmp
- Size
  
  126KB
- MD5
  
  d02952a050734863f7556a85abb07b74
- SHA1
  
  cb4ab28e54476b96382e260aca5a4175f4b9f800
- SHA256
  
  e9626b0caea5e6ee4043d2a31a6d2ee055959a4d3247eb2ff727aa384bd71607
- SHA512
  
  4dcf65dd7c6712c0d9ce70c094600df2fd25c06f259a13b371d2cb83f61b9340b9879c24d1dad286cfc3c5d5a0982b4443e4c8e02a487652abe6efed2ac5577d
Score

10^/10

icedid 3078948156 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3078948156bankertrojan

behavioral2

icedid3078948156bankertrojan

behavioral3

icedid3078948156bankertrojan

behavioral4

icedid3078948156bankertrojan