icedid | 1ce62ff9dcbc297732a395d266e75749825fd9fbf03debee1762ee4c17a40ebf | Triage

Sharing

General

Target

ta578_zippediso.zip
Size

256KB
Sample

220628-ye2r4abhfm
MD5

8a2580d3666efe34c52bf7e7f31857ed
SHA1

07493998e57cc68e3e9d56f57bd1ff8a49884dd9
SHA256

1ce62ff9dcbc297732a395d266e75749825fd9fbf03debee1762ee4c17a40ebf
SHA512

e720750644e680ce7da90347f1e5e0c024b61aa1a4a7445a98befb3ead24c5da3a104b27e9bc8b01d931cd93cf317251883caa8963b1b3dd79b7fa0a7635e2f6

Score

10^/10

icedid 3568430872 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3568430872

C2

alionavon.com

Targets

- Target
  
  ta578_zippediso/documents.lnk
- Size
  
  2KB
- MD5
  
  ce783276c0618e3197fb2d3f51ae5790
- SHA1
  
  f42e8af4f540c3e6b6a77a8b272f976fc7d44b1d
- SHA256
  
  bb1fe6256cc9fc42bd74632871700af5f8663fe954a53378298b35c1f187f16b
- SHA512
  
  99485a9f6a7ab134a162c3a7de48284d76f946d877ac718899ec5c54fc3b00f3cc26070742993fbb823f200c6bfb7ebf98ab83be5881a7595f297a6773a5f05f
Score

10^/10

icedid 3568430872 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  ta578_zippediso/r7kom.dll
- Size
  
  451KB
- MD5
  
  0a9f8e76f2a48094e7a96de6069766f8
- SHA1
  
  ddde4068dedc775c34e7399f75835e9aa67828d0
- SHA256
  
  557084e424ed21e67a70cca4aeb93a7137b651fa3927fc45c9cbdd7706239ae3
- SHA512
  
  d86122e7ba21e5f5dd71caa723f743181202b89362ba97e0e52d85e31b686afc506c1e72559f30d4ac6c293c9ae8693d188f4f7be143c8e5b9fb6324c3824f12
Score

10^/10

icedid 3568430872 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3568430872bankerloadersuricatatrojan

behavioral2

icedid3568430872bankerloadersuricatatrojan

behavioral3

icedid3568430872bankerloadersuricatatrojan

behavioral4

icedid3568430872bankerloadersuricatatrojan