Overview

overview

10

Static

static

16570059.exe

windows7_x64

10

16570059.exe

windows10-2004_x64

10

Resubmissions

18-03-2022 07:41

220318-jh64naghan 10

18-03-2022 05:12

220318-fvvplsgah2 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    16570059.exe

  • Size

    1.1MB

  • Sample

    220318-fvvplsgah2

  • MD5

    1c55a0606a7d5d68d1ccb260e8457474

  • SHA1

    2361625e5d1f0c081569ae500b69db8cdbc05deb

  • SHA256

    d1dadbb83cf0411ff714a0cb92b82b4f9f8798be3a9f9edf40e65a55637efdd6

  • SHA512

    b01db8f8faa84c477bd174ab7c5ebcc8abbc7850dbc672a3ece4d8c2caa16397b9f671d5a4fa493252e938f5a675e1eeadf12fed863aaeec791eb64a2f028ef7

Score
10/10
icedid712890712bankerloadertrojan

Malware Config

Extracted

Family

icedid

Campaign

712890712

C2

fikasterwer.top

Targets

    • Target

      16570059.exe

    • Size

      1.1MB

    • MD5

      1c55a0606a7d5d68d1ccb260e8457474

    • SHA1

      2361625e5d1f0c081569ae500b69db8cdbc05deb

    • SHA256

      d1dadbb83cf0411ff714a0cb92b82b4f9f8798be3a9f9edf40e65a55637efdd6

    • SHA512

      b01db8f8faa84c477bd174ab7c5ebcc8abbc7850dbc672a3ece4d8c2caa16397b9f671d5a4fa493252e938f5a675e1eeadf12fed863aaeec791eb64a2f028ef7

    Score
    10/10
    icedid712890712bankerloadertrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • IcedID First Stage Loader

      loader
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks