icedid | 89e052bd182df8de5960784c663f962d44e058c8920a437f54ab75d03a7da3bd | Triage

Sharing

General

Target

89e052bd182df8de5960784c663f962d44e058c8920a437f54ab75d03a7da3bd.iso
Size

614KB
Sample

220224-z1aq6sehfl
MD5

6e78f987459df53ba44ac0a3b6cf147d
SHA1

fc3cb673c081c9bcb22b6407c376d66254dfa9fc
SHA256

89e052bd182df8de5960784c663f962d44e058c8920a437f54ab75d03a7da3bd
SHA512

4455b8a3fc38fcdaad2771b9018c2e0d4367f29cae23290355fcdb7d766dcc63c1c2c75e519cd0c634df05003e579fe3331ae8967461439f3e05ba1bc24dff72

Score

10^/10

icedid 3976801418 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3976801418

C2

blinkenx.com

Targets

- Target
  
  Attachment.jpg.lnk
- Size
  
  1KB
- MD5
  
  d1ff80bc7c989227fb15abde19228bad
- SHA1
  
  8388cb716f544a7395d4794860b71766eb500200
- SHA256
  
  0cf9c93c8d12ac79600311efc0c6a4dab7f34c18bd8321e03d7b0fcbba6d0279
- SHA512
  
  c4bf377b85f94d6746c32c50aeb2e2ce8f680d4514587857a5217ae64ab06cc16959e55cfd6c61dc9e7693ee18aa10ec0f90b94e3c449d00464f196229cfff66
Score

10^/10

icedid 3976801418 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- IcedID First Stage Loader
  loader
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  z.ps1
- Size
  
  264KB
- MD5
  
  b9942f242fc7a5b191d369d62419427f
- SHA1
  
  465d2a92253adda3da9c6141e972bdbb3581fd60
- SHA256
  
  4bec4c4012eab37036844348e9d5df6e98e3f9dbd2be3a7b4dfd8ba78e8b5a2e
- SHA512
  
  40484368690f992f64ea7b874202b71af278c11f131c5b128b3f8b1b34f93c801d99666466046dd0abf92bfce206d616a6014decf344c499962bb79515cad6f2
Score

10^/10

icedid 3976801418 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- IcedID First Stage Loader
  loader
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

icedid3976801418bankerloadersuricatatrojan

behavioral3

behavioral4

icedid3976801418bankerloadersuricatatrojan