icedid | c154e3c6d04236e940af9e4ca1f5b44e354edba99ca6a6948e4c205fc73b6a14 | Triage

Sharing

General

Target

invoice_101.zip
Size

748KB
Sample

220311-vk628addfj
MD5

b9e3f89ca8d8e233ef2847183c70ae0f
SHA1

211ccf6cdd6401d9bf33d6d661eb42633c38fb81
SHA256

c154e3c6d04236e940af9e4ca1f5b44e354edba99ca6a6948e4c205fc73b6a14
SHA512

9b62742a1dde581b0c1cc1f6b3524a13c14c97f5541234c4e20b31f0c2e661f89cb3d24939db74f1ca34fc51c8bb78b0f315cb58b127466a11eedeecc0db4910

Score

10^/10

icedid 2401334462 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

2401334462

C2

emicthatmov.top

Targets

- Target
  
  invoice_101.iso
- Size
  
  1.3MB
- MD5
  
  f8de85c24adbe7e2cdbc4e0f34c5e2ed
- SHA1
  
  2db699ce6d2248ae7a5b09f75f7e592bfbd313be
- SHA256
  
  4650d948ad7d491073debf27356d91774abbe5f355f4b2fd9ccea59cfd0b0de8
- SHA512
  
  5834fe3010e286ca0818cbe022e0bdf58f35aafb4d8943901e723e34dc8f610a782d4bda86eb0fab3179f5c69b0e07c35744512c192e577aaf8e16be2df28122
Score

3^/10
behavioral1
- Target
  
  document.lnk
- Size
  
  2KB
- MD5
  
  a7ec43a3bd10d95a788f79c20ab8796f
- SHA1
  
  5c165fedae74c0ef60104772dc82f34520e1ff6f
- SHA256
  
  a17e32b43f96c8db69c979865a8732f3784c7c42714197091866473bcfac8250
- SHA512
  
  69eb3fd86ddf68e14f37dc7e862a9accf389b64c2a009c292da324bb63414453b51c6206845a1c364df0658288265a111900bbd09a50a920788dda67ccd6f2b2
Score

10^/10

icedid 2401334462 banker suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
behavioral2
- Target
  
  main.dll
- Size
  
  1.2MB
- MD5
  
  54a4016cf2d929ccea9ef47efbd96542
- SHA1
  
  b761fd0ff2a4f4394191e8a9bce4c586f131b8f0
- SHA256
  
  4bbd73e64d3fea6e61c91d419a0014985bd058d9adea2a7b4e863867aa79435d
- SHA512
  
  8fa4b15b7efed88810060f222ae5bb9248be9dd8145a329fe3f3494278d8e4826fd36948443cd3d568f55ab951dc1b9c96090c643abb1292036966357f1d63e3
Score

10^/10

icedid 2401334462 banker suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

icedid2401334462bankersuricatatrojan

behavioral3

icedid2401334462bankersuricatatrojan