icedid | 008a674e33435ce0b892d0a68ac6d01f9606c040da87b21a10ed069729ee04ff | Triage

Sharing

General

Target

008a674e33435ce0b892d0a68ac6d01f9606c040da87b21a10ed069729ee04ff
Size

164KB
Sample

220224-ymkhsadeg8
MD5

5cee9f5471e84ef4df2733d371e019d9
SHA1

8f3d62d73b70267156e40a3cebe16430718aa4d4
SHA256

008a674e33435ce0b892d0a68ac6d01f9606c040da87b21a10ed069729ee04ff
SHA512

69758a183204feed5ced5e1838c58e309861da098f4b54a8f758bf520b0e1a326687a2b0f19e97209f118b39c95545fe9b1b585f859e25857b9043816c88092a

Score

10^/10

icedid 2354879232 banker trojan

Malware Config

Extracted

Family

icedid

Botnet

2354879232

C2

gadverjo.com

hevciak.com

reseptors.com

smallbadcity.com

Attributes

auth_var
13
url_path
/news/

Targets

- Target
  
  008a674e33435ce0b892d0a68ac6d01f9606c040da87b21a10ed069729ee04ff
- Size
  
  164KB
- MD5
  
  5cee9f5471e84ef4df2733d371e019d9
- SHA1
  
  8f3d62d73b70267156e40a3cebe16430718aa4d4
- SHA256
  
  008a674e33435ce0b892d0a68ac6d01f9606c040da87b21a10ed069729ee04ff
- SHA512
  
  69758a183204feed5ced5e1838c58e309861da098f4b54a8f758bf520b0e1a326687a2b0f19e97209f118b39c95545fe9b1b585f859e25857b9043816c88092a
Score

10^/10

icedid 2354879232 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Suspicious use of NtCreateProcessExOtherParentProcess
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid2354879232bankertrojan

behavioral2

icedid2354879232bankertrojan