icedid | cc8ccd77250ff580a83adfcf189f79f5fbff4bf337b7a85c42062c6a15a26204 | Triage

Sharing

General

Target

core.zip
Size

993KB
Sample

220705-11zkzafdf8
MD5

cd31428d755cff372cd86c0ed680cfea
SHA1

fd6c3eff3cb2c71400f11143c834d733442fb2a6
SHA256

cc8ccd77250ff580a83adfcf189f79f5fbff4bf337b7a85c42062c6a15a26204
SHA512

4389d7085e8447f3404d6157102081d9c65610371e0ee8f67ee9a2143bc2d030ba9d84784961918999d3673ec0e541e7b1f0d5ea6b4f7a3455a801967c911762

Score

10^/10

icedid 310022019 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

310022019

C2

uytricmpreprom.com

plorinnoult.com

Attributes

auth_var
1
url_path
/news/

Targets

- Target
  
  borrow-64.tmp
- Size
  
  659KB
- MD5
  
  53838df59c153fcebe98bbfa3ecf90d4
- SHA1
  
  203fa348512555e9dcca6014c2b334026e480985
- SHA256
  
  54a3750989e69c1ebd2766932d9ba8fcadca493d6bc9897b82c1f5aa5bd0eb15
- SHA512
  
  050a49a4903995c0101a2dcb5710d12bcdf706e7a87b96824e9120e8f9905ef76624c45fd1bcbbd95ecc6653fdc9c3ab43b8cd26a0d1cbbfc4e475a996a35a60
Score

10^/10

icedid 310022019 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2
- Target
  
  cmd.bat
- Size
  
  191B
- MD5
  
  6bc8e4b5ba872d45efaca23a67d7b371
- SHA1
  
  97c5b35b39f32b356dc9337efbd3b1a7eda8de84
- SHA256
  
  6903d7c37e936ab55eac34849d59b338da9ff39eb57f2b5de533638a247a560e
- SHA512
  
  ffd6afbd2e3450c15ee46500d2e16574a50b8719903590bd6efb5c9c33184eceeba2a8abc0c76ba762e161fa4ee8b48a8842178ac9a39ceeda406aafbaf702f9
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid310022019bankercore_loadertrojan

behavioral2

icedid310022019bankercore_loadertrojan

behavioral3

behavioral4