Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

8e5b7c76ad5c02bbf42f0918400138f60a578f42c63ad26bb56ff5311478e867
Size

135KB
Sample

220521-awgaqaahb5
MD5

17a032f1bc160b9e14e8f8de24c60e1c
SHA1

66f75de88d8fbef7a32f2aade9da8fc0d38255ce
SHA256

8e5b7c76ad5c02bbf42f0918400138f60a578f42c63ad26bb56ff5311478e867
SHA512

29715f4decb051489f158f3e0350753a464d536bcce7f34983714abef98ba5ff938477a33c2a8c869c50fb153dea90ddd0fdd740591b685b8e0a745173cd8c9b

Score

10^/10

icedid banker loader trojan

Malware Config

Extracted

Family	icedid
C2	ldrfeelings.casa ldrfeelings.casa

Targets

- Target
  
  8e5b7c76ad5c02bbf42f0918400138f60a578f42c63ad26bb56ff5311478e867
- Size
  
  135KB
- MD5
  
  17a032f1bc160b9e14e8f8de24c60e1c
- SHA1
  
  66f75de88d8fbef7a32f2aade9da8fc0d38255ce
- SHA256
  
  8e5b7c76ad5c02bbf42f0918400138f60a578f42c63ad26bb56ff5311478e867
- SHA512
  
  29715f4decb051489f158f3e0350753a464d536bcce7f34983714abef98ba5ff938477a33c2a8c869c50fb153dea90ddd0fdd740591b685b8e0a745173cd8c9b
Score

10^/10

icedid banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- IcedID First Stage Loader
  loader
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

icedidbankerloadertrojan

behavioral2

icedidbankerloadertrojan