icedid | 395615f7064993715dae6e0aba8dc87e307d2bc342b58de53af3881174032ebc | Triage

Sharing

General

Target

Thunderbird_install.exe
Size

182KB
Sample

220316-ltdycscaf4
MD5

e1d37315e61fea96c175225c10bfd92f
SHA1

f552e20ada60023d2e3cfa4ebbc24cd2e9a40fe3
SHA256

395615f7064993715dae6e0aba8dc87e307d2bc342b58de53af3881174032ebc
SHA512

8b010bebfdcc0d9cdeeae3a9239f1bc42f58d5981943d18db7c803a87fc7bbc66519e80c8b12e3dd49429a255a0052411f0250048d85e89375141c9bdd35cff9

Score

10^/10

icedid 340314286 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

340314286

C2

overpasta.ink

Targets

- Target
  
  Thunderbird_install.exe
- Size
  
  182KB
- MD5
  
  e1d37315e61fea96c175225c10bfd92f
- SHA1
  
  f552e20ada60023d2e3cfa4ebbc24cd2e9a40fe3
- SHA256
  
  395615f7064993715dae6e0aba8dc87e307d2bc342b58de53af3881174032ebc
- SHA512
  
  8b010bebfdcc0d9cdeeae3a9239f1bc42f58d5981943d18db7c803a87fc7bbc66519e80c8b12e3dd49429a255a0052411f0250048d85e89375141c9bdd35cff9
Score

10^/10

icedid 340314286 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid340314286bankertrojan

behavioral2

icedid340314286bankertrojan