General

  • Target

    iced_refactor.bin

  • Size

    142KB

  • Sample

    220430-smq3nsedak

  • MD5

    19dbc26b28ce2273525b58e51d4dcca8

  • SHA1

    46a47cc9f47141b97ff16c2344d1c4f65daa3f4f

  • SHA256

    eb6520c9bb2387de33c47ba017648f03140359c5d143cee68daf24654d9b5b76

  • SHA512

    39303e94c161388e650e4aa1d794c8bf4e95d2e5cbb1e33530903ac569ff84af2e1d5963762f82a2bf9922b91212a769d13cfa1b3e103eb716af249b6700add5

Malware Config

Extracted

  • Family

    icedid

  • C2

    boldidiotruss.xyz

    nizaoplov.xyz

    153ishak.best

    ilu21plane.xyz

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • IcedID Second Stage Loader

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation