icedid.zip

General
Target

icedid.zip

Size

458KB

Sample

220521-g19amadehr

Score
10 /10
MD5

3cbbb7d2ea4bb95aab6c4de5c55089d1

SHA1

c81cbb504fe502d829ee221ff57942c9c3029861

SHA256

570cc045bb9d945ca5e66ed76c80448d2c37f9a9073737057323b6e300592180

SHA512

d40c8f404d8b87f3d1c5e077a0137e9be7eb54b4c9d02ebb3e98c56509f864a73aeb8e24e64196b2cb010e99e0efe56317dd81ff318900aea6d05fabbd7a0fbf

Malware Config

Extracted

Family icedid
Botnet 2406015698
C2

commamimubebe.site

asredetyr.site

aszepolityu.fun

likoportio.fun

Attributes
auth_var
6
url_path
/news/

Extracted

Family icedid
rsa_pubkey.plain
Targets
Target

core.bat

MD5

7ed83700f1db2f30269d8d7aab15fc38

Filesize

123B

Score
10/10
SHA1

787f6c843d5b41562baceeb67d1dea686f0891eb

SHA256

2db50c09350bd707c6cd1c413f15f5360b8a9cd9145caafa07bffe29d1c6ea51

SHA512

974202b6def2cc1463452384c94f2d3d562115b7e571170f128197bd6600fffdd73feb4381bd3a647d9f473d88b15838d10e733539b009bd2d29fd2ec257d3f4

Tags

Signatures

  • IcedID, BokBot

    Description

    IcedID is a banking trojan capable of stealing credentials.

    Tags

  • Blocklisted process makes network request

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks