icedid | b3608f2907d2924d576fd27f1feda3a03695683fdfec2130a9a59426c0432870 | Triage

Submit
Reports

Overview

overview

Static

static

core.bat

windows7_x64

core.bat

windows10-2004_x64

Sharing

General

Target

core.zip
Size

458KB
Sample

220421-vdrc7abdem
MD5

d5b0c7bfda9cf6c553d0b24badaa943c
SHA1

cb9ce0cbad232f91d42ee7c3cdd155099af50b69
SHA256

b3608f2907d2924d576fd27f1feda3a03695683fdfec2130a9a59426c0432870
SHA512

8e07050068fb3679a30a38375780b4607746f2397c32dfd0d236ca4184087c96799f8b5c070a69abfed067b6c5990fcf94e90af2b0aa02de88f42f059a23b143

Score

10^/10

icedid 2406015698 banker collection core_loader core_payload spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

core.bat

Resource

win7-20220414-en

icedid 2406015698 banker collection core_loader core_payload spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

core.bat

Resource

win10v2004-20220414-en

icedid 2406015698 banker collection core_loader core_payload spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

icedid

Botnet

2406015698

C2

commamimubebe.site

asredetyr.site

aszepolityu.fun

likoportio.fun

Attributes

auth_var
6
url_path
/news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core.bat
- Size
  
  949B
- MD5
  
  064cd7377e04e15604acc82e77154827
- SHA1
  
  27ec0914e4feab204a55f26be5734b7f5012f3b8
- SHA256
  
  73e21e5d4e92d3b0092cf9330311b4fcc912cb8bbf96cb732915208e397ab39f
- SHA512
  
  77d883025d0b6d60cb0b11ee70e25eefc569ae984af39929e16da53933f52cbb085de06756b88ff42cbee22927c7f2a227de2645e67feefa4dd412c05346117d
Score

10^/10

icedid 2406015698 banker collection core_loader core_payload spyware stealer trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid2406015698bankercollectioncore_loadercore_payloadspywarestealertrojan

behavioral2

icedid2406015698bankercollectioncore_loadercore_payloadspywarestealertrojan

© 2018-2024

Terms | Privacy