icedid | 887b4d1431f6193b1cd7fd5c15c4687ebcf2cbe7b2cecbbcf41260e401ebeeea | Triage

Sharing

General

Target

file
Size

364KB
Sample

220322-wvdn4adaam
MD5

444a125aed7546e54ad51fa4338f67cb
SHA1

fd5354246d35b69855fda329f30d10308cee7608
SHA256

887b4d1431f6193b1cd7fd5c15c4687ebcf2cbe7b2cecbbcf41260e401ebeeea
SHA512

720d3dc0c9d2caa38a788c99f96403c726d12ea4dc14eb7637edc12356cb67a8cb1b617bcb64ba7141ffe399a5e362910330d903c9f04d32d5851763053b905c

Score

10^/10

icedid 3415411565 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3415411565

C2

antnosience.com

seaskysafe.com

otectagain.top

dilimoretast.com

Attributes

auth_var
17
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  d89cd3f80a0c0c1d6ef962509e593e88
- SHA1
  
  cd9835745e5c2170255c6e28f80b27482d37155b
- SHA256
  
  6799f0bb30fec071f472a8c71d85ac59c39e3f6d9e9901628fef5b8698f49fe1
- SHA512
  
  0dba4611d2750ceed996555cec347098853d51154335a45d3a828ff5ba50e34698fdfc2f8f48c22a8da4cd7077ae0a97b6b88ebbe55e4a814cfd036519cd9eaf
Score

10^/10

icedid 3415411565 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  rely_x32.dat
- Size
  
  45KB
- MD5
  
  a4bed3d1585b79195ea9de8016f1a835
- SHA1
  
  903d2a6d2ea1e6415ce49d7c3e13f0be587bec91
- SHA256
  
  ce33860d7bc8a7df9426a9582cf054cf682bf8e26815aff27653badc40fdbae0
- SHA512
  
  3f654b3ce56a93a52745b539267ce52d1b239e2cbd9b0c645622f7c416366cae94203a0a7dc646ff12f82b8502d0bfa9d321931723767e470099894609ff58e2
Score

10^/10

icedid 3415411565 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3415411565bankercore_loadertrojan

behavioral2

icedid3415411565bankercore_loadertrojan

behavioral3

icedid3415411565bankercore_loadertrojan

behavioral4

icedid3415411565bankercore_loadertrojan