icedid | cb36a1d799acc290f4152471f539c5dc443dac0ba6d46c402ed86a1b5257db0c | Triage

Sharing

General

Target

core.zip
Size

364KB
Sample

220325-tasamseefm
MD5

04f3e8e5dc4cd624e5812bc7a1d7ebe2
SHA1

0271ab6ef296a4c0a3bc030dd83e88f22976e3d7
SHA256

cb36a1d799acc290f4152471f539c5dc443dac0ba6d46c402ed86a1b5257db0c
SHA512

e0ce76bbfe1a59929a4836f12eb5d9e491bb0076185d46fd6accf655a2432fcad2274b3c2c83907d75ec90b6a98435c83366669912c094d3d6d664c0d7d66c84

Score

10^/10

icedid 3415411565 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3415411565

C2

antnosience.com

seaskysafe.com

otectagain.top

dilimoretast.com

Attributes

auth_var
18
url_path
/news/

Targets

- Target
  
  core/cmd.bat
- Size
  
  191B
- MD5
  
  3cec7da4286fb8df01a057c04cc16b34
- SHA1
  
  be35d3e4fd882a807495f1dec189d09324b79612
- SHA256
  
  9eab93f08e471564ec1512005abb8e055119eefa66d12296487351e546aeb56c
- SHA512
  
  4d026d0dddf21aa105c9c0b45f791c5651c7dffb89701bf52fb71c7954648687f1be996d30c48ebe923794aeec31730f3dedb4df2e69b70c72f8dce0ed4d8d00
Score

10^/10

icedid 3415411565 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  core/paper_x32.dat
- Size
  
  43KB
- MD5
  
  d3a9e33c7e606b711b1d658248d96d4a
- SHA1
  
  430273e227bb4445fbd92363dc97310ca3232b48
- SHA256
  
  85c49c0c2f9778edc03a6797ffa139b27538fd7060d6b80f2d00e23aa158e625
- SHA512
  
  e15c697ce13a8140fb41596def262d414f47453b0f01e96b8659caa5f024e8c81b5b2462230b992e081d368078ac33f3f37c0dae17bfd81b0a06c960494e0f3d
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3415411565bankercore_loadertrojan

behavioral2

icedid3415411565bankercore_loadertrojan

behavioral3

behavioral4