icedid | 6652ddcac8409e8aebeb6b051ac58015b25340774ba22ff2f08d46c196cbd42c | Triage

Sharing

General

Target

stolenImages_20220629.zip
Size

419KB
Sample

220629-tt51vabacq
MD5

f20a6837929f54cc0ff21426ee758b2f
SHA1

12b8756d548f05e4caeb69a6e99a82ef60e7cc44
SHA256

6652ddcac8409e8aebeb6b051ac58015b25340774ba22ff2f08d46c196cbd42c
SHA512

2f10947a52cdcd48dbf6f803e38f97120b00e3fad4744c651740270eb41ab6f045c22f95c3994470954efd60622ccad89d77aaf06a7f12a941596696d76b8e05

Score

10^/10

icedid 3652318967 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3652318967

C2

yankyhoni.com

Targets

- Target
  
  documents.lnk
- Size
  
  2KB
- MD5
  
  6c2af96b292cb6a7c6446d533c8671e0
- SHA1
  
  d05130035893f1593be14105588df3f2262fd50c
- SHA256
  
  7d77120c1fcd7635d26e4f1041136bb382f832e170baf3640f238c9b51a1d220
- SHA512
  
  e0054f43f9c87c4c670600ec82b9576bd12b53feb21f5c55b7cd510611b91c38da0eaf4d84b5dd30adabffefd8ebf5e61526b9f2b706020576c8db385e33d364
Score

10^/10

icedid 3652318967 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  p3roms.dll
- Size
  
  731KB
- MD5
  
  063c291b1854f9505456c1e012ed9292
- SHA1
  
  95799f5ea6004efb0ada2fcaacd14dc44289474c
- SHA256
  
  838ff3bc1909cb7e10889bf67cbb56c2eadb2197af792cc6e589f58f935c5abf
- SHA512
  
  b5079eb741fecd21765b5a34edc287f99266bc9e28ef71fb5777cc6a250eed82a3c24631927270d2268ccacac786cb1ad816a1cb49f173add7d7a09d63fb85c0
Score

10^/10

icedid 3652318967 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3652318967bankerloadersuricatatrojan

behavioral2

icedid3652318967bankerloadersuricatatrojan

behavioral3

icedid3652318967bankerloadersuricatatrojan

behavioral4

icedid3652318967bankerloadersuricatatrojan