Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

48e69f94c801c87dc65c445d2a61398bc0708e41c78ef70a041d700f32a1dce6
Size

186KB
Sample

220508-2p7b4scegm
MD5

70c7108b898eb8b6c058a7c8c2994f96
SHA1

1ecc6f1a3f069588c2b25bf130587a0e67bf0997
SHA256

48e69f94c801c87dc65c445d2a61398bc0708e41c78ef70a041d700f32a1dce6
SHA512

a52afc3fc1bdb105ba8667bd277bb4a61f942ac9cf8fd14d128cbd971124491cac7b7066fbafac5ad7b8a090264c817842b4ff97bfadb411cf1b9ae629487ab2

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family	icedid
C2	vernerfonbraun.pw vernerfonbraun.pw

Targets

- Target
  
  48e69f94c801c87dc65c445d2a61398bc0708e41c78ef70a041d700f32a1dce6
- Size
  
  186KB
- MD5
  
  70c7108b898eb8b6c058a7c8c2994f96
- SHA1
  
  1ecc6f1a3f069588c2b25bf130587a0e67bf0997
- SHA256
  
  48e69f94c801c87dc65c445d2a61398bc0708e41c78ef70a041d700f32a1dce6
- SHA512
  
  a52afc3fc1bdb105ba8667bd277bb4a61f942ac9cf8fd14d128cbd971124491cac7b7066fbafac5ad7b8a090264c817842b4ff97bfadb411cf1b9ae629487ab2
Score

10^/10

icedid banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- IcedID First Stage Loader
  loader
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

icedidbankerloadertrojan

behavioral2

icedidbankerloadertrojan