icedid | 4b0e50204999c44b9f7d7fa88aac013056c0e9fe63d88f37e1e7a3212a001a12 | Triage

Sharing

General

Target

qbot_20220629.zip
Size

421KB
Sample

220630-bhdhcagde3
MD5

635b2a3facba50cfcc5257cb1ae764c8
SHA1

8a55ab05ebb316fbc692cf6bc92810b7087e6367
SHA256

4b0e50204999c44b9f7d7fa88aac013056c0e9fe63d88f37e1e7a3212a001a12
SHA512

bf901c1ee5ba0b3330756e93d3eb611170b7f6b93cc62cc31768d714c95aa9f528556bd39a5e343b86bca8164ca3cfa2eceee2c462a267f6c5fe27fb3c9ecd9e

Score

10^/10

icedid 1842176049 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1842176049

C2

carismortht.com

Targets

- Target
  
  33667344.dll
- Size
  
  734KB
- MD5
  
  a1f7315db077f4439da7547f1157245d
- SHA1
  
  adcb94e14189aacbe2486a77ef9a4026db1384b9
- SHA256
  
  8b6fdabfcc653d84055464fd6d924fc931a7468fc362433569d74f65bad8e1dc
- SHA512
  
  71dcb2133815f1903c31d6e720af2cefec9e77b58be000a8d359e7c682ba86862f303c74727e3dc9ebd2b30bb37d95da189aa774870d9bd24e50adad6c1a5cf4
Score

10^/10

icedid 1842176049 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  INV87162.txt.lnk
- Size
  
  1KB
- MD5
  
  eee800539317857be2814e2961f5786b
- SHA1
  
  3b4031af710ea8116b7ae0c405182055b263441c
- SHA256
  
  9ba435872f1ef090c6eb506fcd7c07d903b8c7a26e772e8b1046f312258f5a04
- SHA512
  
  c5610f208d67274d59a391ce80f3358b3bb3c83297f34029a89c2e34f687940d1cd064abf0b41dc264fec8fbc36e61c08329896d42bdae9a765048ae2edd3cbd
Score

10^/10

icedid 1842176049 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  UFbjRkMGfw.ps1
- Size
  
  59B
- MD5
  
  219543beb2dbd3dd4a38133cb4cf5d62
- SHA1
  
  a9f3bca1e95a8013e54a327ab471fa90f4d6fdec
- SHA256
  
  ff4878fee00d54134fffa5ca90af7ec4892d7397dafe5ad8a319ab83f9b594ae
- SHA512
  
  adfc8567036636ebcbd46d860eacdf55edaff7a56af5a65f0c4695fe2698fa8bc5c7afa1b75126450417516851b500bb3b8d1a1211dae279d6ef95c1621aab26
Score

10^/10

icedid 1842176049 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral5 behavioral6
- Target
  
  notice.txt
- Size
  
  366B
- MD5
  
  8054a00a327955bb34ef9d930dc19a20
- SHA1
  
  7445f99b93469efb9bd5746cf5c4520f25894150
- SHA256
  
  d82a953766e7951c5c49923cdd361377e17d3bb6b321416766344ceb3a6ac165
- SHA512
  
  8f0359ab757551af5e8feb7857d3434fdffab0f7f9c26cefcf0fac0dc6d5e31b163aefc75252b340fe7eaeafea6677e894ef5958177680a617bde232a00a58e9
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1842176049bankerloadersuricatatrojan

behavioral2

icedid1842176049bankerloadersuricatatrojan

behavioral3

behavioral4

icedid1842176049bankerloadersuricatatrojan

behavioral5

icedid1842176049bankerloadersuricatatrojan

behavioral6

icedid1842176049bankerloadersuricatatrojan

behavioral7

behavioral8