icedid | e926ae4a601b8d3222cf205eb885428bc9242197e2fe2c81e059d4d83c9af860 | Triage

Sharing

General

Target

7693936146.zip
Size

442KB
Sample

220705-yx9knacehm
MD5

a50b761a4e57daa92e24fbe7edad775e
SHA1

0a5da2c66f31665baacd9799fcb8effee0412a9a
SHA256

e926ae4a601b8d3222cf205eb885428bc9242197e2fe2c81e059d4d83c9af860
SHA512

7d633cee89413db14c828d76718adaac913147567432ff890626fbb523a8f7878e94d3021333f1f5f9010a5947e8bf76b445912a02df529d3fd108003b9072bf

Score

10^/10

icedid 1175749654 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1175749654

C2

hlansmagazine.com

Targets

- Target
  
  7287387845476394829823.dll
- Size
  
  675KB
- MD5
  
  d9ca0b8b3d18b348148b81766f34971b
- SHA1
  
  eaebf971a37f05268f73611d248c6b6047d8bb13
- SHA256
  
  3ff865046c458de3a317ecedaad6aa0e60d5d36f8fcc8bfa6d4cff42efa3c3ed
- SHA512
  
  941e5d5c2c06e57bb8a88643b140332c2fbc51c9d435825576b7ac02f929c5f6f235149e382a8dbaf12c8a39afbc03e3526cb582b43b026ced33e24e88d02551
Score

10^/10

icedid 1175749654 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  Case.pdf
- Size
  
  86KB
- MD5
  
  1f4cbc5df4ee4e09bc625a9092d0a8ec
- SHA1
  
  e289de13f0191ebc81639045c23d6672f228e73d
- SHA256
  
  9abf25f0e1503cb38da963afca7f2aa079f9e60f0bb7cc7b53e0a6e5760074e7
- SHA512
  
  b76bd91f28886e370fa5101996d0e90fc4da50c19850080cdeeb65a50ddbb21d53338419273d0b941e1bb2d622ca4040c1e45fdbe2d3895d93e7ad169891eeae
Score

1^/10
behavioral3 behavioral4
- Target
  
  Case.pdf.lnk
- Size
  
  2KB
- MD5
  
  81d3c327d043e682d692bad1326c29fa
- SHA1
  
  f6389335a6f1c6fecf60a5ce572f2611d01b5981
- SHA256
  
  4775f93534bca0f2efe8fbd2e6a67a98c8a6560e8ef6a9381802ef899ffbf4c4
- SHA512
  
  8c5bdd1e5d9c36814ae99f334e0f92ab406ed16b9db646901038fa2a8a81a24fcc9534902eb312b50af3fbc40e38d6e424e0673f48b006739508adfa6c7193bd
Score

10^/10

icedid 1175749654 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  HDFcvLHBhKEQvBlli.ps1
- Size
  
  71B
- MD5
  
  d6c6fccc7b7f3856bdefb7069010bdcb
- SHA1
  
  9cceb8f815bf32e2d99b6379e8c18125ea3f7d3f
- SHA256
  
  6fe702cfd5b4f59fe4284caaf0c86c24c80b9e56ba9562c18e4961e9c88ff29d
- SHA512
  
  d0a22ea5d2c8cb7f57b479360a7a7227bd1897d5f211e0af2cf850bb7a547d7b847cc87957282dee2223e0211160e23dbda06747dfd44a9eec9eeadf602ccc02
Score

10^/10

icedid 1175749654 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1175749654bankerloadersuricatatrojan

behavioral2

icedid1175749654bankerloadersuricatatrojan

behavioral3

behavioral4

behavioral5

behavioral6

icedid1175749654bankerloadersuricatatrojan

behavioral7

icedid1175749654bankerloadersuricatatrojan

behavioral8

icedid1175749654bankerloadersuricatatrojan