icedid | d67ba0a3ca036878173f05263974d2ddc3b4dd8eb853f480153698b596bcd37c | Triage

Sharing

General

Target

1d8bb9ad72663a648e97e982181c3b34563c3a7b438f6ec11814a4b7f255bc95.7z
Size

30KB
Sample

220513-awl6zaebgr
MD5

cdd82a4e54f464d7ade2e672cd72ad26
SHA1

e784adde2152fd8db90e9cc07e88045f49a8dac6
SHA256

d67ba0a3ca036878173f05263974d2ddc3b4dd8eb853f480153698b596bcd37c
SHA512

08efe5326ec1abbae49a495781547452f5df91efe74ff5e31b7d4ee15ae36ee0dd5c5e8bf378ee7d53af3ad48218154317419e0ff8cea1852c1d402911f2afd2

Score

10^/10

icedid 3055369807 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3055369807

C2

yellwells.com

Targets

- Target
  
  1d8bb9ad72663a648e97e982181c3b34563c3a7b438f6ec11814a4b7f255bc95
- Size
  
  83KB
- MD5
  
  a9a09b7690af936793d55af919f1725d
- SHA1
  
  5f8b2c4715f45357e3e2376e309a472683086829
- SHA256
  
  1d8bb9ad72663a648e97e982181c3b34563c3a7b438f6ec11814a4b7f255bc95
- SHA512
  
  a51725e82169d8369e722fd602134f2945073cbeedb800d440caf3d08204025eb79ccc9f82afc5c4be8235571ee5929f88ed384c2cfb101419caa891114bede7
Score

10^/10

icedid 3055369807 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

icedid3055369807bankerloadertrojan