icedid | 6325b863f21d53e98a808e05d83a18740b969b9101698e66d2041fad6b392e36 | Triage

Sharing

General

Target

file
Size

626KB
Sample

220225-2n8hsahcg3
MD5

929dd984894ee984ce682fe3acba55af
SHA1

c2f2be87a9641df2defa7f776cbf5f5de597cc6b
SHA256

6325b863f21d53e98a808e05d83a18740b969b9101698e66d2041fad6b392e36
SHA512

5a6cf5b3435ec0aec24bf42ce1f3dc70dd0ff15e33594ed183e49297656c1930db418fc2fde617d24f789e52666545ce0b8297fe27a5280b739a5d4c2f147a39

Score

10^/10

icedid 3560182600 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3560182600

C2

coolbearblunts.com

cooldogblunts.com

Attributes

auth_var
2
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  182B
- MD5
  
  1c494d1c28af9cac5e1c26f9b9f79ce6
- SHA1
  
  fa138fdb8e22df8c6c04fefbfcc53be7bb20d017
- SHA256
  
  ae1821dda2a90fe35076771f7ea8619c4be1f3a7f2ec743875b016ba1f29ca4e
- SHA512
  
  bedd23fc38ee62a807933a850454de53d6ea1ef96c4d9758d69cf7695a58cddce357066773f91ee363b6743804ac1a8c23986b9dc9ad92c75afac482f5cfa415
Score

10^/10

icedid 3560182600 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  ridex32.tmp
- Size
  
  516KB
- MD5
  
  84fe5ea0c194f8a2c05c309fbdb60b66
- SHA1
  
  fbe82b2cedee2c3e0598fad8c35cd753220cdd25
- SHA256
  
  bb4e329e8e03b60002a2d6d22c50ac8c23a786af5d70ba7d48bd53dff093e27b
- SHA512
  
  90c6a6e9cacc1cebc655203ccbfa44730b1bd5d5735c797cf6935983537d7dfbf2c5c53e5d6fe88a87fa83e53f5ed4a46c955441662be387974b664e25c47057
Score

10^/10

icedid 3560182600 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3560182600bankertrojan

behavioral2

icedid3560182600bankertrojan

behavioral3

icedid3560182600bankertrojan

behavioral4

icedid3560182600bankertrojan