icedid | 9424e361d1fff5dd475b78a0436413a0ba022d3e4e0d13967bf7a27362f3a144 | Triage

Sharing

General

Target

file
Size

362KB
Sample

220308-xd7raaaeg4
MD5

f7c6415bfe41a6001c36828a34ec954e
SHA1

e1c6d6745cd703b4f46e03c9fe99bc893583d408
SHA256

9424e361d1fff5dd475b78a0436413a0ba022d3e4e0d13967bf7a27362f3a144
SHA512

e7c82f7febeb788bc9c7487a76db9aa17fcae7f812c0ec073c751027bad6e5b59c62f77420ba002ec795a9ea460a88a317db15e2f7cc7fe7c144def40640e251

Score

10^/10

icedid 273095221 banker trojan

Malware Config

Extracted

Family

icedid

Botnet

273095221

C2

loniferast.top

hoseonlin.top

fallhuma.top

nefitsonyo.xyz

Attributes

auth_var
1
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  4766e3cd2f4eb06fd1563a3dd3a7704f
- SHA1
  
  cdb45f46f51bce83cedf8bbd1b7be775d32bad60
- SHA256
  
  61ad4c75614d2a61ffb2423125d87b56eab3bfe3046f4c41e7ce402b3e512ed2
- SHA512
  
  4d4c8409cb662989c1ef490291b959928a2a5ac4e98cde4106ea6a0ea1eb8b055603edfa136bb4c0ceacb4bc651ab557eddfb9731a5776290d2e7669b7838a4c
Score

10^/10

icedid 273095221 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  pistol32.tmp
- Size
  
  43KB
- MD5
  
  55c3137ff1fb18f315a42e41e00c97a1
- SHA1
  
  b798ce92577de625ae4f4cbd15a5b37f832e142d
- SHA256
  
  58d60dbbfde0e93ed83c1656660252fc6d192532cbd5d122c39c0481848a22f2
- SHA512
  
  a9b7ad7825c06296a01a02a6fc287c231470b9ad105ee6d5a5006c5521eed3a41d0f99b4c97262dad0a718b62bb25e52ec0fd469fad8699f8ab651ffcf14b4d2
Score

10^/10

icedid 273095221 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid273095221bankertrojan

behavioral2

icedid273095221bankertrojan

behavioral3

icedid273095221bankertrojan

behavioral4

icedid273095221bankertrojan