icedid | 1cb625ae9478f646f53fd2d807d14073803b9ca75d46656d4937d94f4b4d36a9 | Triage

Sharing

General

Target

s4pesa.zip
Size

412KB
Sample

220629-sm5aasaedk
MD5

f9590e5b42490a33415244b20f239f88
SHA1

cdbf4da9663b91cdb9b7d8cc4dc85b1c8fdc1b7b
SHA256

1cb625ae9478f646f53fd2d807d14073803b9ca75d46656d4937d94f4b4d36a9
SHA512

790d5b05e66e6e59adce9286e5a2a6c96c893f0a18b018e691643ea5cf7cd77e35232c476f54278c07689e191d9c100a660427ce0ac38fe861e88d9256d8b20c

Score

10^/10

icedid 3652318967 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3652318967

C2

yankyhoni.com

Targets

- Target
  
  s4pesa/documents.lnk
- Size
  
  2KB
- MD5
  
  77e1106d0ee3c074c5aa94663e62ca8c
- SHA1
  
  5149a36f2934cbe44a7066e96756d4ecb7a65cbd
- SHA256
  
  4633c5e89c5c9e60c3609dfb7f5ca1f0794c2b84c3468cdc2129d942d4e09cf3
- SHA512
  
  8644ef5ca3082bf4f062e53bdba5231f5b010c90fae919bb76f16dc46dae10a76e3ef94dca6d6ae709b4aaeb39b80eedbdc41298fc8d561e0561a51cde9575e6
Score

10^/10

icedid 3652318967 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  s4pesa/s4pesa.dll
- Size
  
  731KB
- MD5
  
  4259380320bcfe7d3065f0e82257e36c
- SHA1
  
  39e0b78813cb2b7f337338375469efad9ba2a79e
- SHA256
  
  8522e424d1742369c5e2700d194ad5d53d91b4864c3fddd74ac630b4249c1a87
- SHA512
  
  9137960f54302c4dfdd6bab68b977ca4649461c209d583a0c2e284d8b056cfc316d447570a3c8c1d6422a8d93c0bea217210e4f81cc3fb518148b70f750b3195
Score

10^/10

icedid 3652318967 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3652318967bankerloadersuricatatrojan

behavioral2

icedid3652318967bankerloadersuricatatrojan

behavioral3

icedid3652318967bankerloadersuricatatrojan

behavioral4

icedid3652318967bankerloadersuricatatrojan