icedid | c9408dec5953c3bcaf2c93dc12cc7df7e5a3bb36d43ef47e1bc2affd015a940d | Triage

Sharing

General

Target

p3roms.zip
Size

412KB
Sample

220630-kplxqsbeg7
MD5

90058feb345f16de564597137e8c799f
SHA1

dc01a8975665cf602a2cf750482f8c88e7cc77e3
SHA256

c9408dec5953c3bcaf2c93dc12cc7df7e5a3bb36d43ef47e1bc2affd015a940d
SHA512

82cd7d27291fbbad30b3facc07992aaf1929eff8adb104f618ceb35754805cc549e35d35610fec8aafcf2384d909365d186b79a8929bb9ef206d88910825de6b

Score

10^/10

icedid 3652318967 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3652318967

C2

yankyhoni.com

Targets

- Target
  
  p3roms/documents.lnk
- Size
  
  2KB
- MD5
  
  6c2af96b292cb6a7c6446d533c8671e0
- SHA1
  
  d05130035893f1593be14105588df3f2262fd50c
- SHA256
  
  7d77120c1fcd7635d26e4f1041136bb382f832e170baf3640f238c9b51a1d220
- SHA512
  
  e0054f43f9c87c4c670600ec82b9576bd12b53feb21f5c55b7cd510611b91c38da0eaf4d84b5dd30adabffefd8ebf5e61526b9f2b706020576c8db385e33d364
Score

10^/10

icedid 3652318967 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  p3roms/p3roms.dll
- Size
  
  731KB
- MD5
  
  e8496b7b90c403771de47a16543aa078
- SHA1
  
  446e949646284181d54f30a13c1e2a72168baa2e
- SHA256
  
  e2e4c0ea5a3d6e3e4b99a8f7b46085b73e9f78779fa82b4a1b041d67e4be7173
- SHA512
  
  c23008ebad2faf2770396d079d564966e4aea3cbf6ba17b3493390af877b37495a7538f1464ac75a0034314867b8d960881267368b57923d97a0bc299d40b28b
Score

10^/10

icedid 3652318967 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3652318967bankerloadersuricatatrojan

behavioral2

icedid3652318967bankerloadersuricatatrojan

behavioral3

icedid3652318967bankerloadersuricatatrojan

behavioral4

icedid3652318967bankerloadersuricatatrojan