icedid | 6c5fe6eff78ff79579063a58a9ebf5fec886a11be1202e8c174c42b0acfde17e | Triage

Resubmissions

28-02-2022 05:26

220228-f5dh3sdce2 10

24-02-2022 19:51

220224-ylaxysdeg6 1

Sharing

General

Target

file
Size

584KB
Sample

220228-f5dh3sdce2
MD5

731c3f9650a2305988ef4af1e04192ff
SHA1

dbf0ad3203c394f6ff489bd0f5473015310a43e0
SHA256

6c5fe6eff78ff79579063a58a9ebf5fec886a11be1202e8c174c42b0acfde17e
SHA512

2f345032a3614b8b21a0405606428337c0c374b6a210ed472192da8cf589e9a9be2ca6201ce0144182f4efe5ff60a7ec772f6cd24de86809fc8cc2561155c9b5

Score

10^/10

icedid 3078948156 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3078948156

C2

firstdatachannel.art

firstdatachannel.click

Attributes

auth_var
15
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  192B
- MD5
  
  475919519357aad9eaa5b9efcc4dfd3b
- SHA1
  
  3892f30e452e5fdb2d22c6e9c1966b0cc7688038
- SHA256
  
  281bb051743e8fb3842685e8a45d36a24d7b2060ec1fb6b1e0d9f6c159722cd6
- SHA512
  
  cb3ffa2a5694dec3209c2d17dd0613fec19b5f07f252b3c61f418cc763e5fe9e6800109eae52b955528ee4d88c472037777e8b554dc05f6f4419c4cd8f586f6a
Score

10^/10

icedid 3078948156 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3078948156bankertrojan

behavioral2

icedid3078948156bankertrojan