icedid | f31cbfe50f6b800f6911e47e9784e3a7ade35538c514248d01efd310a9b060a3 | Triage

Sharing

General

Target

file
Size

365KB
Sample

220321-zawkysaaen
MD5

04a10dd0d064f3fe0ca229d782abc4b1
SHA1

898483e41ee7037fc55f9114258434c045fe8f83
SHA256

f31cbfe50f6b800f6911e47e9784e3a7ade35538c514248d01efd310a9b060a3
SHA512

8d078ce7d7efecba870cef8e82305d8ff7e76d036c2f1b481ebc22e779164b955102decc14165f7994d798ee216cd8d772e3e8a664ed2f391661687701fce1e2

Score

10^/10

icedid 3415411565 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3415411565

C2

antnosience.com

seaskysafe.com

otectagain.top

dilimoretast.com

Attributes

auth_var
16
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  186B
- MD5
  
  5acb1a1562189471386f35e8d857671f
- SHA1
  
  1a613777a8af69159de7ea50959a67265c00f524
- SHA256
  
  5f037bbe5ebfe76ddb18bf9864f2747ef46e5083b7ce3d8c4694b8fdf228f51c
- SHA512
  
  11a89de54632b8daf09853456fafd7580c9eb46e310c495c3e5b1e52d338e68bf92a31c371d55eb47ac8e94661caefbed1265e1351c448836ddef465f49c00e1
Score

10^/10

icedid 3415411565 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  famous_32.dat
- Size
  
  46KB
- MD5
  
  480a3b3ad65324bd61e4ef311282ad50
- SHA1
  
  ece87bb9d61df1e4bb23011b06e82f95ce79387d
- SHA256
  
  bfde8f5f3455981ea8c63a1206182ef2b36ba2b0722c82692beeb17b8b0dde68
- SHA512
  
  282e981996a105c30c17a1d02a4f842049b6a4c10347732c9cc47c52367228e45c19658aa00da0d77a4225c3c89c14ab0a98e6e930c8f7a5abd9825cf2cc9108
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3415411565bankercore_loadertrojan

behavioral2

icedid3415411565bankercore_loadertrojan

behavioral3

behavioral4