General

Target: 675a43500f32535f721aad0814259f258dcaf8752c4066de96905105a2d01df5
Size: 224KB
Sample: 220502-bqfyfagfc9
Score: 10/10
MD5: 1fed8d8ea7227badc57cb9a25fe55136
SHA1: d3b7a15a58d97544ad3ba1d2f11834c2e701b8d4
SHA256: 675a43500f32535f721aad0814259f258dcaf8752c4066de96905105a2d01df5
SHA512: 2b8fd50920b5d2b0689c8028f74d59baafa87cf1d7fcc1941128238742276bff4ac8426a60dd7a20695bf64a2f6b5d2fd27a17ea3ca8c3796ee3aa93a6bed894

Malware Config

Extracted
Family: icedid
C2: loadberlin.casa

Targets

Signatures

  • IcedID, BokBot
    Description: IcedID is a banking trojan capable of stealing credentials.
  • IcedID First Stage Loader
  • Blocklisted process makes network request

Tasks

static1: Score N/A
behavioral1: Score 10/10
behavioral2: Score 10/10