icedid | 5bc00ad792d4ddac7d8568f98a717caff9d5ef389ed355a15b892cc10ab2887b | Triage

Resubmissions

10-04-2022 01:27

220410-bvcftafdg7 3

10-04-2022 01:26

220410-btybwsccap 10

22-03-2022 15:08

220322-shwscscegp 10

Sharing

General

Target

docs_invoice_173.iso
Size

210KB
Sample

220322-shwscscegp
MD5

e051009b12b37c7ee16e810c135f1fef
SHA1

415b27cd03d3d701a202924c26d25410ea0974d7
SHA256

5bc00ad792d4ddac7d8568f98a717caff9d5ef389ed355a15b892cc10ab2887b
SHA512

8ea0b905d829896c4a8380de578bced89b16c0be9b293f949ac4aa81679cc07da2ef71e9315c9f125cbf7d4c743ffb939671d64126c53437cad2311a73cf2cf7

Score

10^/10

icedid 3529509686 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3529509686

C2

oceriesfornot.top

Targets

- Target
  
  dar.dll
- Size
  
  147KB
- MD5
  
  4a6ceabb2ce1b486398c254a5503b792
- SHA1
  
  08a1c43bd1c63bbea864133d2923755aa2f74440
- SHA256
  
  4a76a28498b7f391cdc2be73124b4225497232540247ca3662abd9ab2210be36
- SHA512
  
  a7266dbfee0689fe9386686a6f892055fffb15f5c11e77bf6591ded82a00b884da9b13ce5a7f29c827ae91018d9f7e71e2e6abb99050da3419154ae1edf77394
Score

10^/10

icedid 3529509686 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
behavioral1 behavioral2
- Target
  
  document.lnk
- Size
  
  1KB
- MD5
  
  adf0907a6114c2b55349c08251efdf50
- SHA1
  
  aa25ae2f9dbe514169f4526ef4a61c1feeb1386a
- SHA256
  
  3bb2f8c2d2d1c8da2a2051bd9621099689c5cd0a6b12aa8cb5739759e843e5e6
- SHA512
  
  12d8f47079c712c0fd231ddb5dd7669e1345a3c1f531732b5ecb35895c98acbfb7a5fa49ca63e71084378355646baaa7bf8b3e10edaddf71d58a7ccde9c7f896
Score

10^/10

icedid 3529509686 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3529509686bankerloadersuricatatrojan

behavioral2

icedid3529509686bankerloadersuricatatrojan

behavioral3

icedid3529509686bankerloadersuricatatrojan

behavioral4

icedid3529509686bankerloadersuricatatrojan