icedid | 248b6a65b656872525904122e75bd374b772e27c2a8fc6040ec6582fd207e536 | Triage

Sharing

General

Target

etest.hta
Size

99KB
Sample

220623-tj5bkagff3
MD5

84df3cea303f0410a2a70580b9155bf5
SHA1

987eed81fa0822853cb9f826994e75102e086694
SHA256

248b6a65b656872525904122e75bd374b772e27c2a8fc6040ec6582fd207e536
SHA512

610b39ec2989225794d0b12ef451bddc4bc4f3f77cd2159d9396ca425524256f17ea12b17957070a94704b5aa1a0b5fe5f915dd9d3c610aecc767315e1977616

Score

10^/10

icedid 3289900935 banker evasion loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3289900935

C2

ilzenhwery.com

Targets

- Target
  
  etest.hta
- Size
  
  99KB
- MD5
  
  84df3cea303f0410a2a70580b9155bf5
- SHA1
  
  987eed81fa0822853cb9f826994e75102e086694
- SHA256
  
  248b6a65b656872525904122e75bd374b772e27c2a8fc6040ec6582fd207e536
- SHA512
  
  610b39ec2989225794d0b12ef451bddc4bc4f3f77cd2159d9396ca425524256f17ea12b17957070a94704b5aa1a0b5fe5f915dd9d3c610aecc767315e1977616
Score

10^/10

evasion trojan icedid 3289900935 banker loader suricata
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- UAC bypass
  evasion trojan
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

icedid3289900935bankerevasionloadersuricatatrojan