icedid | 45cc3540aa432f9da14d3270c105a8c963854a4f9baebbd903ff4012246cf181 | Triage

Sharing

General

Target

7613726171.zip
Size

189KB
Sample

220628-xhhmysbfdl
MD5

b9b79ac573027718fbeebda1553d87be
SHA1

4d9ee5de0d3e6614c89c15e06cd940acc86e3d9f
SHA256

45cc3540aa432f9da14d3270c105a8c963854a4f9baebbd903ff4012246cf181
SHA512

e842e2c151dad907180aa4f91fe9beed5c754c52aed931600226e32d61832094fcf742eca649c462f9e94126425dfcb1e986b90dd65d282ae5d290871eb8fd7b

Score

10^/10

icedid 3239568078 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3239568078

C2

carbrownleger.com

Targets

- Target
  
  bb6e595f8913dde111d0e8f1032c7464a1ca153426a87a45cc749fe9e6599d23
- Size
  
  352KB
- MD5
  
  09a07ae80aaf96dffca15b4e44fbda49
- SHA1
  
  23b4b441ccece18f1c638b358828096c7ae6bec8
- SHA256
  
  bb6e595f8913dde111d0e8f1032c7464a1ca153426a87a45cc749fe9e6599d23
- SHA512
  
  8cf51ff6909bc4e238ed0e24fac798a41bc56c4412fdb068b2207a3983688a94b4654dbaa1acfaae0b1ff5cf572132a52971bc66edd4ee51316a755bd067a2bf
Score

10^/10

icedid 3239568078 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3239568078bankerloadersuricatatrojan

behavioral2

icedid3239568078bankerloadersuricatatrojan