icedid | 31ebf23a6fbb1a362f4aa15d260dd679fe9bd8e1df48d245c7527634483b76c5 | Triage

Sharing

General

Target

7514196181.zip
Size

248KB
Sample

220531-24e66sggfl
MD5

faef27e76551c98d482de1752edfef89
SHA1

e4e7d1c9495d2e8ee1324a8c675982db6bf437aa
SHA256

31ebf23a6fbb1a362f4aa15d260dd679fe9bd8e1df48d245c7527634483b76c5
SHA512

8678e6a7cbf5c0505551a5020e71bcf2bed497b4e50dbe48b00b25b2b4aca627dbcfb6f2c8a1fdf5282196d4acd31949921cae841addea7c30a5007537a32b30

Score

10^/10

icedid 3681413287 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3681413287

C2

vadgeatemoz.com

akernilon.com

westdudil.com

leatyeals.com

Attributes

auth_var
3
url_path
/news/

Targets

- Target
  
  0d666f4a6b4bc85553377d594d41f3a4b5e1a28d8d293694821342faf10c9176
- Size
  
  464KB
- MD5
  
  c3f3b824bb6aa8b1784faf29d1503fce
- SHA1
  
  b2fcfd0140d3840988cd4d409668ba7fa76ea26c
- SHA256
  
  0d666f4a6b4bc85553377d594d41f3a4b5e1a28d8d293694821342faf10c9176
- SHA512
  
  80d966b71c3c90c126966a065e3a322ee6ebaa4b0c72671abde358f8303e27f48fe952d056893f931504cc38e9fc15ab8a47c6de18f08ff8c65002c0b97eb75f
Score

10^/10

icedid 3681413287 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3681413287bankercore_loadertrojan

behavioral2

icedid3681413287bankercore_loadertrojan