icedid | 869e8b742394a505f495ce94d01782d58b9afc7327940a2accf2042fc0972b83 | Triage

Sharing

General

Target

file
Size

363KB
Sample

220323-xteqfaach3
MD5

1eea61d74ac2d0230e6b55218cedf87c
SHA1

aa1f238656bcf1a83e93e5aabfbb05f6a92817d0
SHA256

869e8b742394a505f495ce94d01782d58b9afc7327940a2accf2042fc0972b83
SHA512

a6c74bf6d1657c51cb3c0590a5b94b9ccc11976c7305b36aa925c39f5afaff0bdd861cf5f4ed6b5a980b93c495ef637af9fcdd2c43dfbc330377202d545556be

Score

10^/10

icedid 3036889562 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3036889562

C2

stooryallice.com

yellowpyrrol.com

roomdetect.com

environmentbest.top

Attributes

auth_var
3
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  188B
- MD5
  
  1bc88881c82f35426e48f27de5c98003
- SHA1
  
  766fb820b706f21dd3d37efac8e937daf485d9f7
- SHA256
  
  eec0e5a1a8a21e713fe480883a9869a894c80a409ea06929de805e05c1ee14d6
- SHA512
  
  5c1d72bf225d8d07141b52cfcf22f13f8e2d0c34b6ed22d0adc6e68b3cf767ff54415c7178a8f6db2e66e819f28285cf9d1680777285138f7f8b08a83d8fa009
Score

10^/10

icedid 3036889562 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  health-x64.dat
- Size
  
  44KB
- MD5
  
  0c0ba99c34541ceb15aeef59f7f9dc1a
- SHA1
  
  649c6b086552d70889dbf0add2ba9de9af5c31fd
- SHA256
  
  f7c090881ce1fc5672604ecc2000cfe952b72a72bfbe631db8c9991f18ba2944
- SHA512
  
  46cab08fca4b0c8221ab3840459b9591583e90f7335f319c792a6d12817fe56191f2fc78a84d0243f5d3575f723b775a9405f0b184bb47d97692d10e63ee02f0
Score

10^/10

icedid 3036889562 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3036889562bankercore_loadertrojan

behavioral2

icedid3036889562bankercore_loadertrojan

behavioral3

icedid3036889562bankercore_loadertrojan

behavioral4

icedid3036889562bankercore_loadertrojan