icedid | 45449bf222593b8ba442e660e3a1b2ffaa58a92ae0c56627cfe9c4bcf7b93cdc | Triage

Sharing

General

Target

core.zip
Size

743KB
Sample

220630-s17mkseag9
MD5

afcd7129497ff87d6df6189215be030e
SHA1

a4796a24f023b18db6408007f4caea5686c3b7bf
SHA256

45449bf222593b8ba442e660e3a1b2ffaa58a92ae0c56627cfe9c4bcf7b93cdc
SHA512

07137d85c66d2b92320ec1ea7a4a39c652edec25f883e49bc9c15428b566d085fb4dd1c0387154c71602995e24f05e82620b1b1de01a402af1030cb0653b3087

Score

10^/10

icedid 1501064257 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1501064257

C2

starpetralina.com

brumedane.com

Attributes

auth_var
25
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  189B
- MD5
  
  6f15cd0263b458116b6698e266ab989c
- SHA1
  
  83b44519c7a36583e69f2b65dc44738b3ee63145
- SHA256
  
  9b584a85e3fa666d0e2d6e699f2c1380a788cae2183e417ddd7b58a3939b9112
- SHA512
  
  892c34b984ac66748e54da0f0b9728c2a02c7bb6932e6fb385daed8f0b855198d3be91d6ade589827e43b2604b186fe7c39b5ffae6589d6cb2037595c3a56866
Score

1^/10
behavioral1 behavioral2
- Target
  
  mesh-64.dat
- Size
  
  408KB
- MD5
  
  bd1a6c52941f0bf45e352c38dca09921
- SHA1
  
  21ca59616619a754be48d1bcaf8437f42b25d6b4
- SHA256
  
  ed96d4317c1fe69326c8cb31373b8fc75e8bbe74326b781448bcdb9f2bd4f48f
- SHA512
  
  7a09286ab9e02e0963bc27c829d5aa9169aa6942518ae4e4683a98d2b35c0368653a61cbb66709cdffe6ed5e0f13dee5c9a82ec0afbf46b33e0decadbef53ce2
Score

10^/10

icedid 1501064257 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid1501064257bankercore_loadertrojan

behavioral4

icedid1501064257bankercore_loadertrojan