icedid | ce28d57c54d4b5965106d956d3d3c0211c1dd591c881f34f3582775b07dce387 | Triage

Sharing

General

Target

TA578-IcedID.zip
Size

347KB
Sample

220614-arh9hsbddl
MD5

31a51cf11039ba7cf1d42eed6ee62b65
SHA1

3b2fbffeb3494f47af5a1d66d920bbb59b04c6fc
SHA256

ce28d57c54d4b5965106d956d3d3c0211c1dd591c881f34f3582775b07dce387
SHA512

94c70984f6d2767930f9d4ac3e5bddfad02d918c1a2054ba891ca3a942857434e1b1856c32e2c42a18900b2e246c2a98e63ac6e247085bbe002f96694d21217f

Score

10^/10

icedid 1328647508 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1328647508

C2

didojanza.com

Targets

- Target
  
  ahol3m.dll
- Size
  
  600KB
- MD5
  
  bd9713be8ab4a1faf11241bb18faa20e
- SHA1
  
  89cdc2142dd16e6026018483c686d028ea219deb
- SHA256
  
  ce90e85553cb19c787de4421a8bb0bc89c2f3c942cbc41bba92b6bf822d815bf
- SHA512
  
  7963f54c66435bc064953f81c59fa0bd3bc43fa22752df7cd5ef96404c41fa62672f2ea409273431930c840f35549ef557ffc33bed1fa354f7de158ee471ca3a
Score

1^/10
behavioral1 behavioral2
- Target
  
  documents.lnk
- Size
  
  2KB
- MD5
  
  248322abe291aa979c34ee5f9bd76e70
- SHA1
  
  fdfa1670324e951e44736b75b4c12d7aac1a4338
- SHA256
  
  518a3f0b6e5709fcf44b04208167a51f77e4c82283f71b800a6faf297431f36c
- SHA512
  
  a37819e37d2b93c2043c21339a81ddd7dcc43f933cad369313efe45fee9e51f51e30556455d1e720071f60596d298c594b789e4a1b4fdc104cc903df2c684805
Score

10^/10

icedid 1328647508 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid1328647508bankerloadersuricatatrojan

behavioral4

icedid1328647508bankerloadersuricatatrojan