icedid | 818e437ec86a636f390c6fc541df679453a8555f8360bee460eed3bbfeaa97db | Triage

Sharing

General

Target

s3lop1n.zip
Size

482KB
Sample

220623-kwnd5scdck
MD5

88b5b117d86c08906c477cff46079f68
SHA1

747397c84a78940220f702c4400f3b12a95dbd98
SHA256

818e437ec86a636f390c6fc541df679453a8555f8360bee460eed3bbfeaa97db
SHA512

1238a2ce806f2dc8a217af8863dd2d978d9e9b4ac21bb04f1df8dca7bf024ca7c19fe29c4b5657d224707cc6ae8441e2967906f4800f21fd931da9e743442824

Score

10^/10

icedid 3433768635 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3433768635

C2

bredofenction.com

Targets

- Target
  
  s3lop1n/documents.lnk
- Size
  
  2KB
- MD5
  
  067934b94afe525ffcea8f416efd0147
- SHA1
  
  273b442f0872a70e155b0434f0e4cb44a1d58f3a
- SHA256
  
  e72bd6fcd8251293848bc8be89844720f530835aabbae5e5d33d91c659e15b69
- SHA512
  
  17310703816a2284af89bcf214069e76840efa8322518861e94d5907f47410202b7c121f53b9a7967a8750d7b83244d566c62d0940b2c8713c4cd3923877cd80
Score

10^/10

icedid 3433768635 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  s3lop1n/s3lop1n.dll
- Size
  
  861KB
- MD5
  
  057e85ae8e4bac4927d6b0c0d5c11b90
- SHA1
  
  c87c9b43e23b79d7c07f6d96e0a3bd593ee74c72
- SHA256
  
  5f681294177b7d8b78afed82dc36bd1f7d7daa4a13e514af0b18147b38431dd9
- SHA512
  
  b757cbfc1590483fea34a5acd2f948f85494dd2e9641e76160a5a5164c49d0e0e9bef8ae28ba683900599aed347f22ccc9198b3bac9162d8031083c9ba4628a7
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid3433768635bankerloadersuricatatrojan

behavioral2

icedid3433768635bankerloadersuricatatrojan

behavioral3

behavioral4