icedid | 9e32d82f6649df430b1a3c7b50cd2dd2e3a55f1262b17ffe9df889c1cad4f641 | Triage

Sharing

General

Target

invoice_202.iso
Size

1.3MB
Sample

220312-rz1xzaaffq
MD5

36d56c473734e20aa63e7255dce47b5c
SHA1

e1bf98b73dbcc087af59ba04341fa1e1066547c6
SHA256

9e32d82f6649df430b1a3c7b50cd2dd2e3a55f1262b17ffe9df889c1cad4f641
SHA512

001053251897e51b11ff6471e283d757b0fbb324931a96b6c4a74d39d6d9373f60169cc09f0c1ac6fd5fd8cf711c7691623f0190051359cdb179905da7ee149a

Score

10^/10

icedid 2401334462 banker suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

2401334462

C2

emicthatmov.top

Targets

- Target
  
  document.lnk
- Size
  
  2KB
- MD5
  
  a7ec43a3bd10d95a788f79c20ab8796f
- SHA1
  
  5c165fedae74c0ef60104772dc82f34520e1ff6f
- SHA256
  
  a17e32b43f96c8db69c979865a8732f3784c7c42714197091866473bcfac8250
- SHA512
  
  69eb3fd86ddf68e14f37dc7e862a9accf389b64c2a009c292da324bb63414453b51c6206845a1c364df0658288265a111900bbd09a50a920788dda67ccd6f2b2
Score

10^/10

icedid 2401334462 banker suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  main.dll
- Size
  
  1.2MB
- MD5
  
  e837721973bddc2555f675f89c6121fa
- SHA1
  
  5f03d305a3326fd0a7417b3a1d91e310db892f4b
- SHA256
  
  2c1e2e0a9ea8e180d9323229d780590df4bd1a90781e6eebc85d9c9b0b5f41c4
- SHA512
  
  fdb649c3b3f0cf36f77776fd059e6a5f19be79b2bddd66615d69b0f2633f2ee65a8ddaca3a474c899640fca1243b8f6791b89bc495c27c54929e745f134b0a50
Score

10^/10

icedid 2401334462 banker suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid2401334462bankersuricatatrojan

behavioral2

icedid2401334462bankersuricatatrojan

behavioral3

icedid2401334462bankersuricatatrojan

behavioral4

icedid2401334462bankersuricatatrojan