icedid | 85ce7016ae32e9fa8a51534f48d4a31b46a0c7f4d3eb862942b161c877c34ba4 | Triage

Sharing

General

Target

zippedISO_ta578.zip
Size

387KB
Sample

220705-z7wxzsfaf3
MD5

be3b4ceced523d89f0f1f141d33c0021
SHA1

776dba1035e627401276fc4c76ff8151314fb3ac
SHA256

85ce7016ae32e9fa8a51534f48d4a31b46a0c7f4d3eb862942b161c877c34ba4
SHA512

7e1dcedb06764ed57a98da9e6e2c75fdc5b60a1e738ee4044a1895e59cba745d58e41bc45a616578a876d8921ac0dd980550870c89cc39853b54119aac7bb510

Score

10^/10

icedid 1060798742 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1060798742

C2

carismorth.com

Targets

- Target
  
  documents.lnk
- Size
  
  2KB
- MD5
  
  221b153dbdad3521bda7049b4496238f
- SHA1
  
  5c912f7c3d1bbde2b5c6036e89944201907b8295
- SHA256
  
  b5f4d1173a053476903d2a8e193fd710bd011065e30855e259494a13f7f9b2da
- SHA512
  
  6296d4a54203680a79de1833b22d35c3e9d3808063777653d53c07d1d09201cc4ad56f150d3419c32faf926ada9567b3acf4e6572bee6901db54f19747fec377
Score

10^/10

icedid 1060798742 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  o5p0se.dll
- Size
  
  673KB
- MD5
  
  c59010fb2f9f2986c3830bc1e75e96f9
- SHA1
  
  475efec12172022b28e1020b9227f30f956b13a6
- SHA256
  
  352b7787103e0e735632fb70a89de041c3c4da7eb2194e5a5eafcc48f6096be4
- SHA512
  
  1deff83a4989ec4c1856c34ff686d8828cb7f82f7b0b5b28647bec4696b4ea6242edbc6348163a23316dfc4c2d23ac999fe8bacfd058fd6a0060ea6075eb49a4
Score

10^/10

icedid 1060798742 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1060798742bankerloadersuricatatrojan

behavioral2

icedid1060798742bankerloadersuricatatrojan

behavioral3

icedid1060798742bankerloadersuricatatrojan

behavioral4

icedid1060798742bankerloadersuricatatrojan