icedid | ff0f6e4913e696bc5431f398f9bba745339feb37ce70743bd1563d66086309a8 | Triage

Sharing

General

Target

iced.zip
Size

379KB
Sample

220614-mlbcyaheb5
MD5

1c0f99b46ef5e66e61f6cff5a2bc94d3
SHA1

ddc8159100da7b54b340383834fa9e87996a1c03
SHA256

ff0f6e4913e696bc5431f398f9bba745339feb37ce70743bd1563d66086309a8
SHA512

d3edfdb67f89ec2883fcfc709df88e38fbbbc7ce949b98feaaaf7b41f56ea93ce9d8435ddfb2fa7c88b1f6bfa8bb9870ee443e209a657057552c6115287f0ef5

Score

10^/10

icedid 3366658159 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3366658159

C2

plocganga.com

Targets

- Target
  
  iced/Microsoft_Teams_installer.exe.lnk
- Size
  
  2KB
- MD5
  
  78496da0b847ceb2d84d4ea53b21db48
- SHA1
  
  ee26f8ba4f9c30dc94584f413405fdcf58d14d22
- SHA256
  
  bd05a4dc16dc60ac36f2635ede515238c66c18717626c5f7ec27c77738bc7816
- SHA512
  
  e2dfcec7218cf74d530ececa384d20ecc40582a04df8c77d1b8dddcfdf3224d239cb60dad44530eb16cd2a4248e956ba8a9c7363f1e2019e2d2428c52f878a4d
Score

10^/10

icedid 3366658159 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  iced/run.dll
- Size
  
  35.6MB
- MD5
  
  28fb9b44549348e9c8aad336b087bf83
- SHA1
  
  cf62e0ef9ecf5c9cb699a075332edce245d7927d
- SHA256
  
  0be5391025a89043913a6ac582b4d48ed581943e4c359f6b8a6c0333d9c938ed
- SHA512
  
  9fdabe734894155c72a2028446ca9c52353d3cf96d6aa047ed5d3069d01c9f620a1ae7fbdbaa1b391fe3151a49e0c451756ca907134aab1cea9a73996b9d44f4
Score

10^/10

icedid 3366658159 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid3366658159bankerloadersuricatatrojan

behavioral2

icedid3366658159bankerloadersuricatatrojan

behavioral3

icedid3366658159bankerloadersuricatatrojan

behavioral4

icedid3366658159bankerloadersuricatatrojan