icedid | c129a8bf28d476a7280535f0ce192769d8cb1fa519bab306ff506c08cbcf7436 | Triage

Sharing

General

Target

document-140.iso
Size

472KB
Sample

220325-snh4fshdf6
MD5

e3d21b18a4f2ce858b0d5f4f609ae4e4
SHA1

56e7fca77cb88ef781de1afa5334ad98bcff8af4
SHA256

c129a8bf28d476a7280535f0ce192769d8cb1fa519bab306ff506c08cbcf7436
SHA512

fc532aacd659425eaa5e0187278ed283b2f06f578d354509718dec04659577baecb30badfd737a1684deef7d0ce9caf008a3ad5c4f795629b0de74a103e7a914

Score

10^/10

icedid 0 3714063495 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3714063495

C2

ritionalvalueon.top

Extracted

Family

icedid

Campaign

0

Targets

- Target
  
  Attachment.png
- Size
  
  172KB
- MD5
  
  9475b7adad618d206048c12e19cf04ce
- SHA1
  
  5e6069a771ca0bdc894fe3fb6cbdcb3a31141c7a
- SHA256
  
  ab662ea48da7b3effc7d6d30b60364dd77dcde3592ce7649bd6d0d41d0da6fc8
- SHA512
  
  ac5795697220f9266f01849f70e008b3febca730ba77169bf9c39c30e12200539193c5a9b91e1f1f3e49fc016acb7a442654120979641fab1cc2eb9c3b1ba441
Score

3^/10
behavioral1 behavioral2
- Target
  
  Attachment.png.lnk
- Size
  
  1KB
- MD5
  
  f69905d19f03b83058a219513a0a7e48
- SHA1
  
  d0b0b2f0f27e054a0ab0f5e59a149d3d3552703e
- SHA256
  
  86ecbf142d41beffff01fdd56fb9c9786e2826cfe00593abeeb69162daf9d808
- SHA512
  
  c9c5aad4f5d5ca9d89b64a689977630a01b8075336e90edb6279c1064b735dc704e72b08daca807cdc968a8e57dc708d1d7e4c830c15aab73fdd62f486ef2b7f
Score

10^/10

icedid 3714063495 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- IcedID First Stage Loader
  loader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  FwlRpmIPXx.exe
- Size
  
  242KB
- MD5
  
  febd4b99b0131d10d95e71e9ec1d2476
- SHA1
  
  8d161b857215a037dcde09c9227d2784984f9fd8
- SHA256
  
  16641647772f6572cdf8554198279560e98ce8e686f4433ca64e2031b8ffabdc
- SHA512
  
  e112810667cbff52f5d82a17f7bf6274585511d020d050c9e457dc10308e651f8afad069765ae6f7d971ad771da20ee90162c5ed54490c2b255f7d324d049c13
Score

10^/10

icedid 0 3714063495 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- IcedID First Stage Loader
  loader
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  z.ps1
- Size
  
  74B
- MD5
  
  971ae666b08904d27d0bc1ec89e2e675
- SHA1
  
  2ae80407a83e75de19aedce5b1b2e6d2a11f8e34
- SHA256
  
  1069f03121aa55c0bec9e7dd66e279f061bffba0a72519497531c5b5dd851fed
- SHA512
  
  f13bc4298fae46bdcb9451173268c2ea1c4d56e02881442303ecf94a30f81d21649922e05d88456f7e64500ed62b2da034bdd7a292ab69bf21ae543364965fb3
Score

10^/10

icedid 0 3714063495 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- IcedID First Stage Loader
  loader
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

icedid3714063495bankerloadertrojan

behavioral5

icedid03714063495bankerloadertrojan

behavioral6

icedid3714063495bankerloadertrojan

behavioral7

icedid03714063495bankerloadertrojan

behavioral8

icedid3714063495bankerloadertrojan