icedid | 987a3d018965b3c2154644844470c392c8ef19ad31d637fd2cedd128fd754bb1 | Triage

Sharing

General

Target

file
Size

364KB
Sample

220322-ty8mjacfhl
MD5

4efcbb1a2226ccfcb816e77c60675fa2
SHA1

e7001c7f9d116883111106ab0bc4acda3c6e794c
SHA256

987a3d018965b3c2154644844470c392c8ef19ad31d637fd2cedd128fd754bb1
SHA512

39ce3ae564b2b4d4633fca8d5cbdc61d5df9f00e29f7c8a3fe4e3c911762d44b39cbe6b8a73c800fdf4db14cf6fc998d6a413249fc0db596731f4e7f2d8895e9

Score

10^/10

icedid 3415411565 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3415411565

C2

antnosience.com

seaskysafe.com

otectagain.top

dilimoretast.com

Attributes

auth_var
17
url_path
/news/

Targets

- Target
  
  certain_x32.dat
- Size
  
  45KB
- MD5
  
  a4bed3d1585b79195ea9de8016f1a835
- SHA1
  
  903d2a6d2ea1e6415ce49d7c3e13f0be587bec91
- SHA256
  
  ce33860d7bc8a7df9426a9582cf054cf682bf8e26815aff27653badc40fdbae0
- SHA512
  
  3f654b3ce56a93a52745b539267ce52d1b239e2cbd9b0c645622f7c416366cae94203a0a7dc646ff12f82b8502d0bfa9d321931723767e470099894609ff58e2
Score

10^/10

icedid 3415411565 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2
- Target
  
  core.bat
- Size
  
  190B
- MD5
  
  ffe13b16e8fc49b7114b5fbe78b9bf2f
- SHA1
  
  5119fefee31998163c3b8210c2d0f4a942ffc6ef
- SHA256
  
  7955fc62725dc72af34d1f61f85d15a87a1ad425456cf6b624963163cbf44dac
- SHA512
  
  5487f6a9c7aaf2ea8e18412a916d0e6e442bf1a301d485a174035e5f704fe1dab6040e5df65fa5f9c9506567b6895a3f6861853cc1a337e5ce2710e6577c5fa0
Score

10^/10

icedid 3415411565 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3415411565bankercore_loadertrojan

behavioral2

icedid3415411565bankercore_loadertrojan

behavioral3

icedid3415411565bankercore_loadertrojan

behavioral4

icedid3415411565bankercore_loadertrojan