icedid | 653ce0a5a10034f67ee8b532c0dceff339cdabe1cef35633cface24b124b6688 | Triage

Sharing

General

Target

ta578.zip
Size

256KB
Sample

220628-x68jaabhcl
MD5

45d2816df1b3db1c6132d9a0936532cd
SHA1

f747de13ddd1aa298df8bc895c19f3e978fc502a
SHA256

653ce0a5a10034f67ee8b532c0dceff339cdabe1cef35633cface24b124b6688
SHA512

79e190e74d538c469693fd6e7b78b40d970edb983f40534ba4e29a682cd8197b272a9b517e0846f72a4e5b4c560b148bcfbc0837881c1d4eba1abf76aebcfd9b

Score

10^/10

icedid 3568430872 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3568430872

C2

alionavon.com

Targets

- Target
  
  ta578/documents.lnk
- Size
  
  2KB
- MD5
  
  bb31db59e05077fb9a7c3c87d1b98db9
- SHA1
  
  2ea630b90c9cbb41ae50145946c1e47c499c8df2
- SHA256
  
  3082534af9d5dcfbe3e2c5b02bce8fec53177ef89d9db6c116dafed1663a43f1
- SHA512
  
  3e2020dfcd3154c5f3b1d907f5fc3a31d55f9e780a7a4b3b82541cabcb94478c2caafe1672493d030616265109c33f7760363ca464638b90f302119612605d21
Score

10^/10

icedid 3568430872 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  ta578/r7kom.dll
- Size
  
  451KB
- MD5
  
  3d8babbf76ac87dd545bf7aaea428ecc
- SHA1
  
  366da15a527f05dbb969535c39e727914bf471c8
- SHA256
  
  5974b53f8d2c81efbe432c0df6afb20216d7a39d78d7a570160b154eb8c0c816
- SHA512
  
  0d4c45be8f6a2162c4b0bccb6caf6512402bb96e7757fd3462f8583f5f8444db9bd2a4894381a0bcc6d64dad04039739a968d456aef2cfcc3d9ee8d6ba804257
Score

10^/10

icedid 3568430872 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3568430872bankerloadersuricatatrojan

behavioral2

icedid3568430872bankerloadersuricatatrojan

behavioral3

icedid3568430872bankerloadersuricatatrojan

behavioral4

icedid3568430872bankerloadersuricatatrojan