icedid | 209fb2790547b9ccff40a9eed598ca587b0240e843b0bd1ec7424c5db2e3f672 | Triage

Sharing

General

Target

core.zip
Size

1.2MB
Sample

220624-vwcyhsgdf4
MD5

29b51f0c990c2b0ce05f07b15855606d
SHA1

7bf306c8b6fe6dbfc4a1a0493499dae95ec116f2
SHA256

209fb2790547b9ccff40a9eed598ca587b0240e843b0bd1ec7424c5db2e3f672
SHA512

7bbe82a4ac532faa364a95c7b4b4a914d6d23ae4cff1aa6ed66207377a17f67066c9c7d6852be2116da9f050c991bac7851576bd2ca63a94141a34b6a0ebc35b

Score

10^/10

icedid 1501064257 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1501064257

C2

tekacuanm.com

pleashurehott.com

quuenkrauz.com

Attributes

auth_var
18
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  191B
- MD5
  
  25bde4fb4fe8e8f50488ee87ef97db59
- SHA1
  
  ccf95a0b55524aa89c5426e56ba683b70ca9abcf
- SHA256
  
  c856a9209c268d4b405eb18c0396850f4d30f3cf72d94c4aa4db11e116209f12
- SHA512
  
  dd6423be13e57d0fcec58109c82732a1919fb945a762e9d79c36cd59d81d875b5051abcd7007a152fe959adc8efcd44820542148561fd13f5b497278fc2ae0b6
Score

1^/10
behavioral1 behavioral2
- Target
  
  sugar_x64.tmp
- Size
  
  844KB
- MD5
  
  cb4932cb415b5f7523fa3cc197a9f129
- SHA1
  
  c70c5a482a63c3dd7fe52443d751cc98957b3efe
- SHA256
  
  33703ff5c1d72aa6998c9daeb8b39a17ce61f497ead16f63ab310a59db8c91f6
- SHA512
  
  e39fd079a630b2200666c091a00670619aa169d110d2b97b8b47f931ddaab63d589f583ee8aeab7e7479c57184d3c3a7ad4a3fddfd30489d8f5193ea4ccd492a
Score

10^/10

icedid 1501064257 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid1501064257bankercore_loadertrojan

behavioral4

icedid1501064257bankercore_loadertrojan