icedid | 62e0c1b292fbf1fea96706b9c34ad6ef90a68758ee20316e199b8c8dd0651dc8 | Triage

Sharing

General

Target

invoice_6_request.iso
Size

340KB
Sample

220414-seflzadbdn
MD5

3b922a54d1120596cef8cc6ca40d3ed6
SHA1

8eead5a34eaa28e207b392fdf8839d3c0c7eeae7
SHA256

62e0c1b292fbf1fea96706b9c34ad6ef90a68758ee20316e199b8c8dd0651dc8
SHA512

1c22ae149010af822b99f1f9281f40a866181c5d4e3318de879eb376646770e1260ae86afae1734c22f5ca301947a9c1c04cc80836523233d817042c5cc807ae

Score

10^/10

icedid 2763712970 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

2763712970

C2

fikasterwer.top

Targets

- Target
  
  document.lnk
- Size
  
  825B
- MD5
  
  8097815c15794edea58b9e1f89ee6994
- SHA1
  
  8b95eeaae1aacb1461357374514d356c022e14b5
- SHA256
  
  5d0e4719b91ef3f6a436bd76c6c47bc9561cba4918db1a34cc56bf28436cb222
- SHA512
  
  1b64d186c926173f0bff769ea9094754b7289d6a383e70d09c1f4bafd6ce5e8cbf4a482fe855aa186e7a101a3cbc5ba275deb35bed4aab31463a306ffd182e57
Score

10^/10

icedid 2763712970 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  namr.dll
- Size
  
  277KB
- MD5
  
  1989c9a8cd740d42c574e958c786661e
- SHA1
  
  817bef89d3a804d8d9e63f4fee762b0223ce8030
- SHA256
  
  2c777d55f2c0b3c273871cc40e70f9897c958629b086ad412c25b7fe49a73714
- SHA512
  
  f4a1025acdc638d8dcf25738fb41083b5b11bbd05a5625493258bbedd1fe6eff9c51d74a91714b171b0b0392877bad34b6e15ef98d913285ebceb8d2f63da3d5
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid2763712970bankerloadersuricatatrojan

behavioral2

icedid2763712970bankerloadersuricatatrojan

behavioral3

behavioral4