icedid | 187364ccb5e949f03459e59f086ee3423877edfbcbc86e4f374b86513f3c3181 | Triage

Sharing

General

Target

file
Size

363KB
Sample

220327-3g8ewaaedj
MD5

7a9c3e19f93e9d094155bd135ca0baa2
SHA1

9eb432a6a6d03fd280191061f758fdd76c63363a
SHA256

187364ccb5e949f03459e59f086ee3423877edfbcbc86e4f374b86513f3c3181
SHA512

a3459f4bcc16862a9c835106cece9c9bd565ab515094213cdf66a934f9b3ed7820fd4a790e0839ee80d0521e7eebbdfd7ded9ae502f1a1b1d74ea40593bf34f4

Score

10^/10

icedid 3415411565 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3415411565

C2

antnosience.com

seaskysafe.com

otectagain.top

dilimoretast.com

Attributes

auth_var
18
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  186B
- MD5
  
  e14de7f5eba87fa6b9466f4214c4d614
- SHA1
  
  25ed97a19eefa2e5d33013ceb95e386e70ac98f0
- SHA256
  
  e0326bb3bf6b5c2be434b3945229be63bef06830c2ad604671b8d4dc53db0ccc
- SHA512
  
  d7d7c0a6150d644147f924c85de27748d8c93aebb41fc37b6ba8f3dd4ef675cd0273d54443e4e76ee4acf3e4f9eb4a622184718f11e49d72bb39c5a68a4f29bf
Score

10^/10

icedid 3415411565 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  paper_x32.dat
- Size
  
  43KB
- MD5
  
  d3a9e33c7e606b711b1d658248d96d4a
- SHA1
  
  430273e227bb4445fbd92363dc97310ca3232b48
- SHA256
  
  85c49c0c2f9778edc03a6797ffa139b27538fd7060d6b80f2d00e23aa158e625
- SHA512
  
  e15c697ce13a8140fb41596def262d414f47453b0f01e96b8659caa5f024e8c81b5b2462230b992e081d368078ac33f3f37c0dae17bfd81b0a06c960494e0f3d
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3415411565bankercore_loadertrojan

behavioral2

icedid3415411565bankercore_loadertrojan

behavioral3

behavioral4