icedid | 59ddf7fd2901ffddc12d730d41a59ef51a0cf834145bcf883d8c1106b6aad0c7 | Triage

Sharing

General

Target

59ddf7fd2901ffddc12d730d41a59ef51a0cf834145bcf883d8c1106b6aad0c7.iso
Size

480KB
Sample

220627-xalpmscgeq
MD5

1effd4b7c5e5fa409daaa8330e0c4204
SHA1

62b8bd1075f61ba49c20d45bdb63f329c2aca173
SHA256

59ddf7fd2901ffddc12d730d41a59ef51a0cf834145bcf883d8c1106b6aad0c7
SHA512

9b1fe0fa6e0fc7a0704ddb6d06a42cdb488b94356d2fb08f1f2d0b780cecf555eae3ff46a974298ac11297ca49c6ed3311c86a5dd2bef7ab1796661db5ab1e9c

Score

10^/10

icedid 3239568078 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3239568078

C2

carbrownleger.com

Targets

- Target
  
  878.dll
- Size
  
  353KB
- MD5
  
  986e75b5f349d6066edd3c4b5428b21c
- SHA1
  
  909f7b67f329152299dd2c194e17bb71ad5ffa9e
- SHA256
  
  42435ec9bb4f504231565acd20f873fe7800cc1219e724e116e11a5bf5db1bb6
- SHA512
  
  3baa45314e2aa16b97fc5a377a23e9b6820b4b4c6bdd13a5006c5fc3e2f44c83acc774be29623f8f3457fe3562c3292386495f10183a9cc9d49e46a151120cd1
Score

10^/10

icedid 3239568078 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  demand_letter.jpg.lnk
- Size
  
  1KB
- MD5
  
  d01dc2fbb602e1058ae56f07fe895513
- SHA1
  
  decf03519d25e17b858d398d299b082ecf7e1fd1
- SHA256
  
  1040fce86562017f6eea2e609d1e7a49e928d140ac0e3bb30fd290f2b29d117b
- SHA512
  
  da7e540394e342db69fefa0c84d55d20e96f4e1764bb32fd4f87bd332b22d6a8b8923453aad2ab1f478200797fbdc68b8eddb618a8e2bc8e813e9f6c1bf08365
Score

10^/10

icedid 3239568078 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  vGhhsvfLkp.ps1
- Size
  
  61B
- MD5
  
  8436a7bea697c48edaf67b93f46d02b0
- SHA1
  
  6f61548db8a87df80e2ca4f37fd02d70edae3e16
- SHA256
  
  7431c53295cf5952fc32ad1da45022c644d54578ed0ae55c0837b8b25e005e19
- SHA512
  
  b22ff1716ee34789f7ca168c93e768d37c05d4ce37345799645ced25e5742b44c79741a05db73995028bb7be6219f03b9b5670bff569a6281ef5fb33b78d654c
Score

10^/10

icedid 3239568078 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid3239568078bankerloadersuricatatrojan

behavioral2

icedid3239568078bankerloadersuricatatrojan

behavioral3

behavioral4

icedid3239568078bankerloadersuricatatrojan

behavioral5

icedid3239568078bankerloadersuricatatrojan

behavioral6

icedid3239568078bankerloadersuricatatrojan