icedid | ae61277489a511da3c0ec4e8aae94c6b1205197b5bc3999cab880294ca0a3948 | Triage

Sharing

General

Target

core.zip
Size

674KB
Sample

220628-ttxpgaagbk
MD5

94fc6247b2baa8a86ffc930f31f3e6ca
SHA1

491d45b2359763eba21d45a003f7e16c4bf8e15e
SHA256

ae61277489a511da3c0ec4e8aae94c6b1205197b5bc3999cab880294ca0a3948
SHA512

ee5b9c9b4468c992c1b64b87d3c9a7da15e4d05bdf01831b584b27bca7ca25f0c8ffa0903a6ea55ac3de07b08cb55e06ae1d12c573711eede8d95151d437655d

Score

10^/10

icedid 1057461280 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1057461280

C2

allesborn.com

blaskmirror.com

Attributes

auth_var
4
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  190B
- MD5
  
  b112c1a5e2d658d89f7a767cd85322c5
- SHA1
  
  718ce431e17d4afbe33a688c22bfd56a870ed005
- SHA256
  
  461ef00d1700cf93f9dbac33be410a65c0b293ee732a571cf5652decb6816adb
- SHA512
  
  995e4bd9d6cd9cce7e9a66fc32e820c178e74d43de8f4050c9dd4cfd864113f8e62058b067ccf3ede0ed6f2082b2648a41a139c403675d56dc49732797452de3
Score

1^/10
behavioral1 behavioral2
- Target
  
  dwarfx64.tmp
- Size
  
  340KB
- MD5
  
  d887c4ae1ff288342c822414ed196d95
- SHA1
  
  fbba2fddfdca4763f7588646941908fb86322337
- SHA256
  
  17f0eb28cbc5881ac2b0c98db70afc5df189e3dc3bbb06a81cf387ed11d325ef
- SHA512
  
  b5bcb0b05b4c2f71887b7e576607bd2e20ba4a9287751c05efff5e9c8ffa92765a6d8e7f726436ab983ccb9a3dbba5fb95b0f7322e7746c7eda63232d5778fc8
Score

10^/10

icedid 1057461280 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid1057461280bankercore_loadertrojan

behavioral4

icedid1057461280bankercore_loadertrojan