icedid | 430c736b3112dae51f0e93ac1120549a6cb453b52f6036e1d086a93afefc858b | Triage

Sharing

General

Target

mi90o.zip
Size

212KB
Sample

220518-jx8wssacaj
MD5

229476bd0abdc3dbcad71f86eb4fc664
SHA1

c6c59e8d33fc2105234d88dcba378473de3d40ba
SHA256

430c736b3112dae51f0e93ac1120549a6cb453b52f6036e1d086a93afefc858b
SHA512

ecdb89eb63a4c673a922ed5f1d30ef9ad1bc689fe7d406ea6014571804dacd383f7e14d94356af23c446d74fbb1bf245ab36ca2256c9dbcfd0bc5ff0940d6c4f

Score

10^/10

icedid 3068011852 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3068011852

C2

yolneanz.com

Targets

- Target
  
  documents.lnk
- Size
  
  1KB
- MD5
  
  fb7d17b5ec787f604a1c1a444ac13c03
- SHA1
  
  a72296fd3b7d5225a368ae3be57db9209315e1d7
- SHA256
  
  4ed0e46236e39c6efe3f1f96d6a1e3a5cc60b7bcfabe560823b141dcef4c66de
- SHA512
  
  1ffc5007e14aaacb9cafd31614a7f8fc9654f3c655cb5c167dd10c0a79e4703db902763ddaaabd8277e2c4849bbcabf30587123708e24343815874e61109ae1a
Score

10^/10

icedid 3068011852 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  mi90o.dll
- Size
  
  486KB
- MD5
  
  0ad0a1a3bfc696759bac79077654aa8a
- SHA1
  
  38bea715a0c8642e0d67213be6206bbe4b9afc44
- SHA256
  
  a8058555e8b476a0975d103228ec26b53cd71dac34d21f58acfc395a38acdb1d
- SHA512
  
  dd1588cbe8ac2915f0953976e8f5c837c1bb5fb7cf484fdeb46ba99ea070a0093a440cb876a88b909bd170502218d6fa52bf1c693611e9b973e53c870a3bc6d6
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3068011852bankerloadersuricatatrojan

behavioral2

icedid3068011852bankerloadersuricatatrojan

behavioral3

behavioral4