icedid.zip

Target

icedid.zip

Size

458KB

Sample

220521-g19amadehr

Score

10 ^/10

MD5

3cbbb7d2ea4bb95aab6c4de5c55089d1

SHA1

c81cbb504fe502d829ee221ff57942c9c3029861

SHA256

570cc045bb9d945ca5e66ed76c80448d2c37f9a9073737057323b6e300592180

SHA512

d40c8f404d8b87f3d1c5e077a0137e9be7eb54b4c9d02ebb3e98c56509f864a73aeb8e24e64196b2cb010e99e0efe56317dd81ff318900aea6d05fabbd7a0fbf

Extracted

Family	icedid
Botnet	2406015698
C2	commamimubebe.site asredetyr.site aszepolityu.fun likoportio.fun commamimubebe.site asredetyr.site aszepolityu.fun likoportio.fun
Attributes	auth_var 6 url_path /news/

Extracted

Family	icedid
rsa_pubkey.plain

Target

core.bat

MD5

7ed83700f1db2f30269d8d7aab15fc38

Filesize

123B

Score

10^/10

SHA1

787f6c843d5b41562baceeb67d1dea686f0891eb

SHA256

2db50c09350bd707c6cd1c413f15f5360b8a9cd9145caafa07bffe29d1c6ea51

SHA512

974202b6def2cc1463452384c94f2d3d562115b7e571170f128197bd6600fffdd73feb4381bd3a647d9f473d88b15838d10e733539b009bd2d29fd2ec257d3f4

Signatures

IcedID, BokBot
Description

IcedID is a banking trojan capable of stealing credentials.
Tags

trojan banker icedid
Blocklisted process makes network request

Related Tasks

behavioral1

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

icedid 2406015698 banker core_loader core_payload trojan

10^/10

Extracted

Extracted

Tags

Signatures

IcedID, BokBot

Description

Tags

Blocklisted process makes network request

Related Tasks

static1

behavioral1