icedid | 87502ec6bc99fdad2d6092b022d35446123fd00e8ab9b5831939d32b7ba5a4de | Triage

Sharing

General

Target

inv87162.iso
Size

804KB
Sample

220629-xsskxadhd3
MD5

8c68ce9792abd3b3b6f0b3b98aa33da9
SHA1

d9687ae99c1a3b8875a02fbbddedbf15b5070156
SHA256

87502ec6bc99fdad2d6092b022d35446123fd00e8ab9b5831939d32b7ba5a4de
SHA512

9b9bf204083f060fecb5b4fe2198e86c4c4ba4b6cd8821ea09f2facca024d9a553106b9a5c8532040a1bc45f88d7f3ba09c069e9f52a4829d2319fb6daed9069

Score

10^/10

icedid 1842176049 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1842176049

C2

carismortht.com

Targets

- Target
  
  33667344.dll
- Size
  
  734KB
- MD5
  
  a1f7315db077f4439da7547f1157245d
- SHA1
  
  adcb94e14189aacbe2486a77ef9a4026db1384b9
- SHA256
  
  8b6fdabfcc653d84055464fd6d924fc931a7468fc362433569d74f65bad8e1dc
- SHA512
  
  71dcb2133815f1903c31d6e720af2cefec9e77b58be000a8d359e7c682ba86862f303c74727e3dc9ebd2b30bb37d95da189aa774870d9bd24e50adad6c1a5cf4
Score

10^/10

icedid 1842176049 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  INV87162.txt.lnk
- Size
  
  1KB
- MD5
  
  eee800539317857be2814e2961f5786b
- SHA1
  
  3b4031af710ea8116b7ae0c405182055b263441c
- SHA256
  
  9ba435872f1ef090c6eb506fcd7c07d903b8c7a26e772e8b1046f312258f5a04
- SHA512
  
  c5610f208d67274d59a391ce80f3358b3bb3c83297f34029a89c2e34f687940d1cd064abf0b41dc264fec8fbc36e61c08329896d42bdae9a765048ae2edd3cbd
Score

10^/10

icedid 1842176049 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  UFbjRkMGfw.ps1
- Size
  
  59B
- MD5
  
  219543beb2dbd3dd4a38133cb4cf5d62
- SHA1
  
  a9f3bca1e95a8013e54a327ab471fa90f4d6fdec
- SHA256
  
  ff4878fee00d54134fffa5ca90af7ec4892d7397dafe5ad8a319ab83f9b594ae
- SHA512
  
  adfc8567036636ebcbd46d860eacdf55edaff7a56af5a65f0c4695fe2698fa8bc5c7afa1b75126450417516851b500bb3b8d1a1211dae279d6ef95c1621aab26
Score

10^/10

icedid 1842176049 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1842176049bankerloadersuricatatrojan

behavioral2

icedid1842176049bankerloadersuricatatrojan

behavioral3

behavioral4

icedid1842176049bankerloadersuricatatrojan

behavioral5

icedid1842176049bankerloadersuricatatrojan

behavioral6

icedid1842176049bankerloadersuricatatrojan