icedid | ebddaadbc63e606e1b6bafdc7f0089dc91a3789b772e3524d9ed3f8b4d0b7433 | Triage

Sharing

General

Target

bumblebee_1_2206024.zip
Size

200KB
Sample

220625-jc4rcabcfr
MD5

96d96211b51d955c1abe59d19fd8959c
SHA1

c5657aaa3ba78dc44fdfb6748b206c9711106d84
SHA256

ebddaadbc63e606e1b6bafdc7f0089dc91a3789b772e3524d9ed3f8b4d0b7433
SHA512

8a073af5236d4250fc9af34b6728d9eddcda01ba1b626561556fa5c214226cc4a1cadebbbed488c092aa09313f81b72157d71e06b86e879455bb09bdee09ffa1

Score

10^/10

icedid 3585208491 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3585208491

C2

bredofenction.com

Targets

- Target
  
  run.bat
- Size
  
  55B
- MD5
  
  a277e267f0e6ae54192b94dd79f9a9a9
- SHA1
  
  b76121f7cf012dc41729f7b7a6db869b1fb95ab7
- SHA256
  
  386dfbbd9246159b790559dc36588f4d2f9cdcf6642c1dcba6584424a11cc8fa
- SHA512
  
  fc060ed81566d976ffa8bbe1db8e0a8ff30cbc2ef16d3eefaecb27f010fe1b3539b72d0017bc1a77d6058cb1f47610b6a974c230ca1ed468ffc13de418394dc7
Score

10^/10

icedid 3585208491 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral1
- Target
  
  sol3nia.dll
- Size
  
  355KB
- MD5
  
  ead23724c63f172da6c8488061301b83
- SHA1
  
  06515afe057c32efdadcf720f2c8cb504328b28f
- SHA256
  
  0e72441cf05dd9cf1013251e102dcd0f48e4fa9408542a615c719c31601d7b22
- SHA512
  
  5ae5def6ae08983e7682b16e6af69949cc79b591199c40639eed2013ff8e9dcb39fdaaf684617cc1268251719fba076daf3a1d3b8c7f2960dd986f66b38f5deb
Score

3^/10
behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3585208491bankerloadersuricatatrojan

behavioral2