icedid | 45ff00e7a848fdb2c5ecb5fbdf608c492c20fdf68ecbe12637f599ed0aea7f6b

General

Target

June-06028_65-Report.iso
Size

1.9MB
Sample

220701-mc1w8sebf6
MD5

472097d742b7a64531766ec22826bcad
SHA1

ef95618ef18e7feb5b0d0563a47acea38b03b94c
SHA256

45ff00e7a848fdb2c5ecb5fbdf608c492c20fdf68ecbe12637f599ed0aea7f6b
SHA512

3ff26d6c8b7a62ce902006a6f78e1aa5bdb6fe19dc008855f39df2a7de8f5a7ed50c2015dc3183c973ac8fd18a3c310dd9f8f90ce0988a1978226370ab9880c5

Score

10^/10

Malware Config

Extracted

Family

icedid

Campaign

3568430872

C2

alionavon.com

Targets

- Target
  
  June-06028_65-Report.iso
- Size
  
  1.9MB
- MD5
  
  472097d742b7a64531766ec22826bcad
- SHA1
  
  ef95618ef18e7feb5b0d0563a47acea38b03b94c
- SHA256
  
  45ff00e7a848fdb2c5ecb5fbdf608c492c20fdf68ecbe12637f599ed0aea7f6b
- SHA512
  
  3ff26d6c8b7a62ce902006a6f78e1aa5bdb6fe19dc008855f39df2a7de8f5a7ed50c2015dc3183c973ac8fd18a3c310dd9f8f90ce0988a1978226370ab9880c5
Score

10^/10

icedid 3568430872 banker discovery loader persistence suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

IcedID, BokBot

suricata: ET MALWARE Win32/IcedID Request Cookie

Blocklisted process makes network request

Downloads MZ/PE file

Drops file in Drivers directory

Executes dropped EXE

Registers COM server for autorun

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2