icedid | 1d05de979e7e76488378237e121475bef8a7ad071e059fc26ff7339cd2120a65 | Triage

Sharing

General

Target

file
Size

363KB
Sample

220327-t9sqfsegfm
MD5

b6460cf1835db52565efd8bbeceab763
SHA1

a804a22e5d99be652a92ae4ef1a79b2f80e8944e
SHA256

1d05de979e7e76488378237e121475bef8a7ad071e059fc26ff7339cd2120a65
SHA512

c844b2383e9c2252529c8fee5ed655bc9dad087d2d562c4c41c93fb841264da61d986550cf4857313942f787a6e354d93a562434e8fac7a8dfc42e9030b93e12

Score

10^/10

icedid 3415411565 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3415411565

C2

antnosience.com

seaskysafe.com

otectagain.top

dilimoretast.com

Attributes

auth_var
18
url_path
/news/

Targets

- Target
  
  core.bat
- Size
  
  186B
- MD5
  
  e14de7f5eba87fa6b9466f4214c4d614
- SHA1
  
  25ed97a19eefa2e5d33013ceb95e386e70ac98f0
- SHA256
  
  e0326bb3bf6b5c2be434b3945229be63bef06830c2ad604671b8d4dc53db0ccc
- SHA512
  
  d7d7c0a6150d644147f924c85de27748d8c93aebb41fc37b6ba8f3dd4ef675cd0273d54443e4e76ee4acf3e4f9eb4a622184718f11e49d72bb39c5a68a4f29bf
Score

10^/10

icedid 3415411565 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  paper_x32.dat
- Size
  
  43KB
- MD5
  
  d3a9e33c7e606b711b1d658248d96d4a
- SHA1
  
  430273e227bb4445fbd92363dc97310ca3232b48
- SHA256
  
  85c49c0c2f9778edc03a6797ffa139b27538fd7060d6b80f2d00e23aa158e625
- SHA512
  
  e15c697ce13a8140fb41596def262d414f47453b0f01e96b8659caa5f024e8c81b5b2462230b992e081d368078ac33f3f37c0dae17bfd81b0a06c960494e0f3d
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3415411565bankercore_loadertrojan

behavioral2

icedid3415411565bankercore_loadertrojan

behavioral3

behavioral4