icedid | 7354552c28ad25c6c83e84f1ef7da0a8a53dc9ba8177416c1f4be229130505b5

General

Target

document 2.iso
Size

2.2MB
Sample

220623-gj96laefd5
MD5

f00ee02812c8e68ff8e9e701c051fafe
SHA1

7d0866e47cc51a09b3441805fb21a06a349048b8
SHA256

7354552c28ad25c6c83e84f1ef7da0a8a53dc9ba8177416c1f4be229130505b5
SHA512

8856fb7ea9cdc6d36062dfbd6165b1da9ad5c70e33dab6d4bab7bf785f788d6ebbd95e1488f44d98957f369053e9e0fa5095fcf6c95d808ac04142cbf9b1608b

Score

10^/10

Malware Config

Extracted

Family

icedid

Campaign

3433768635

C2

bredofenction.com

Targets

- Target
  
  document 2.iso
- Size
  
  2.2MB
- MD5
  
  f00ee02812c8e68ff8e9e701c051fafe
- SHA1
  
  7d0866e47cc51a09b3441805fb21a06a349048b8
- SHA256
  
  7354552c28ad25c6c83e84f1ef7da0a8a53dc9ba8177416c1f4be229130505b5
- SHA512
  
  8856fb7ea9cdc6d36062dfbd6165b1da9ad5c70e33dab6d4bab7bf785f788d6ebbd95e1488f44d98957f369053e9e0fa5095fcf6c95d808ac04142cbf9b1608b
Score

10^/10

icedid 3433768635 banker discovery loader persistence suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

IcedID, BokBot

suricata: ET MALWARE Win32/IcedID Request Cookie

Blocklisted process makes network request

Downloads MZ/PE file

Drops file in Drivers directory

Executes dropped EXE

Registers COM server for autorun

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2