icedid | 6d6eed486a69052ab20a7e9a075a342fd58eae928f13ac088e3364d580c66118 | Triage

Sharing

General

Target

20220630_ta578ZippedISO.zip
Size

245KB
Sample

220630-rv83sadff8
MD5

7c7765b68f3d07ff6cfa3ea1093cf60b
SHA1

4a8da716ed516f6a5f2ebcdeca5125f78faab287
SHA256

6d6eed486a69052ab20a7e9a075a342fd58eae928f13ac088e3364d580c66118
SHA512

a2d8ebd07836e48dd1d99f952bda1a09899afc44ba929ea12cd8c7a901c13e1bdf839d77dfeaf237ad676a6aa40b751fb3c27d7e4a3845e7122006f0a1ed7255

Score

10^/10

icedid 3635541348 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

3635541348

C2

piponareatna.com

Targets

- Target
  
  documents.lnk
- Size
  
  2KB
- MD5
  
  bb347ab4742d9c9b5cafe0aac6ab1316
- SHA1
  
  6296df650baf990a47e8c97f7ca0e20fadff8962
- SHA256
  
  1d34cb09006522f9c3f48858814fdf22a7bb698cd72b9302f8319f0cb3768a19
- SHA512
  
  47cd1e449d80c9f7fe0f6b4c4d1da4db7a1453f3d738330cccee86884218496f78ff934d3c2d43978f75779d5ef3c635f2daee3894136f5abf5fec6797c1f6cc
Score

10^/10

icedid 3635541348 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  ker3p.dll
- Size
  
  424KB
- MD5
  
  0d3a6e438f8d63ae7497d9bdb13bee3b
- SHA1
  
  bd680e291b3b1083b39432a2334999c857d762e9
- SHA256
  
  b1a4bc1dd5f4e7aedaadce81a76b6b75acdddc4a1049fa606de70d45aecc4739
- SHA512
  
  46f28f939170c37b515f6514a57157598e3c9b469b3afcb3f3473d7c3cac5cddb793ca7c05cc5d67d99c997e22e183c457861bb4cf4236f45ab93613130f11bb
Score

10^/10

icedid 3635541348 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid3635541348bankerloadersuricatatrojan

behavioral2

icedid3635541348bankerloadersuricatatrojan

behavioral3

icedid3635541348bankerloadersuricatatrojan

behavioral4

icedid3635541348bankerloadersuricatatrojan