icedid | 570cc045bb9d945ca5e66ed76c80448d2c37f9a9073737057323b6e300592180 | Triage

Sharing

General

Target

icedid.zip
Size

458KB
Sample

220521-g19amadehr
MD5

3cbbb7d2ea4bb95aab6c4de5c55089d1
SHA1

c81cbb504fe502d829ee221ff57942c9c3029861
SHA256

570cc045bb9d945ca5e66ed76c80448d2c37f9a9073737057323b6e300592180
SHA512

d40c8f404d8b87f3d1c5e077a0137e9be7eb54b4c9d02ebb3e98c56509f864a73aeb8e24e64196b2cb010e99e0efe56317dd81ff318900aea6d05fabbd7a0fbf

Score

10^/10

icedid 2406015698 banker core_loader core_payload trojan

Malware Config

Extracted

Family

icedid

Botnet

2406015698

C2

commamimubebe.site

asredetyr.site

aszepolityu.fun

likoportio.fun

Attributes

auth_var
6
url_path
/news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core.bat
- Size
  
  123B
- MD5
  
  7ed83700f1db2f30269d8d7aab15fc38
- SHA1
  
  787f6c843d5b41562baceeb67d1dea686f0891eb
- SHA256
  
  2db50c09350bd707c6cd1c413f15f5360b8a9cd9145caafa07bffe29d1c6ea51
- SHA512
  
  974202b6def2cc1463452384c94f2d3d562115b7e571170f128197bd6600fffdd73feb4381bd3a647d9f473d88b15838d10e733539b009bd2d29fd2ec257d3f4
Score

10^/10

icedid 2406015698 banker core_loader core_payload trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid2406015698bankercore_loadercore_payloadtrojan