icedid | 852d511a9276c1004efcdc148e70aecb973948389be1094cdbc850c4face77d6 | Triage

Resubmissions

17-03-2022 16:28

220317-tyt45schbr 1

02-03-2022 07:56

220302-js74psdhh5 10

24-02-2022 19:52

220224-ylj6maehbj 1

Sharing

General

Target

file
Size

620KB
Sample

220302-js74psdhh5
MD5

0b90bb9d39feb6b704b08fb7dcb6048f
SHA1

a52b9e8f749789e81c55e7894ffaf62807e444bd
SHA256

852d511a9276c1004efcdc148e70aecb973948389be1094cdbc850c4face77d6
SHA512

961dd6506e4ac027f6c94cdb2869f747c60c31223593ae3c0ef3610af115937fe24784b4f0e56301bbef46ef4ad9eddcd945b35f90e63c5c836eb37662a99470

Score

10^/10

icedid 3560182600 banker trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3560182600

C2

coolbearblunts.com

cooldogblunts.com

Attributes

auth_var
2
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  188B
- MD5
  
  5d557256208a36dcd239278ba626f30c
- SHA1
  
  1e54238d55ab57ab5e7b787d3f369d6a02374d2b
- SHA256
  
  26cfdedc156563695d6188240fa38ee5d3b29e468dee368facf66b8710eae3e2
- SHA512
  
  2cd8215e99f4d61035747670dd2109aa806fe4c505648982926bb1bd886eadf1da583823e019e8af34939531bf669b6ffb19a334f3c3e678c56a7f5ebe2745ad
Score

10^/10

icedid 3560182600 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  pumpkin-32.tmp
- Size
  
  600KB
- MD5
  
  b3afc3fcf6756131e897a5234707e422
- SHA1
  
  82684fd3a133ad4be9abcd8f95e56eea403e4706
- SHA256
  
  3055bfdc5fee78ad2b92fc4b1a35a4632a1f03152fc7e835a7f21d41e44aeb26
- SHA512
  
  a860a193ee62045fbb0da4ea6735913cee6a9786008a487a2f8755a3d1dceea73b74da8301af5a4e1ebec2ae88d581e7be07f620cf90461047eda790673b9b88
Score

10^/10

icedid 3560182600 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3560182600bankertrojan

behavioral2

icedid3560182600bankertrojan

behavioral3

icedid3560182600bankertrojan

behavioral4

icedid3560182600bankertrojan