icedid | a299c4df4706f75c60e1f53e39dff00126317de565a0afdfd7bf26381966e7d4 | Triage

Sharing

General

Target

o5p0se.zip
Size

379KB
Sample

220706-l2ymqsddf4
MD5

81f2fd78dbb7ce94dc7cc438f3d554e8
SHA1

c31d4b9ca622ed966c3e2b4d80e93618f90b1da3
SHA256

a299c4df4706f75c60e1f53e39dff00126317de565a0afdfd7bf26381966e7d4
SHA512

0d2faba5ff48ebb3c93bdca7017f6e04bf17c6c6bd4e3738b55f51bba1e5ba66c6da9019f6311f94fa81843d90dcbd0dd191f4cfb010e3f094271761c399384d

Score

10^/10

icedid 1060798742 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1060798742

C2

carismorth.com

Targets

- Target
  
  o5p0se/documents.lnk
- Size
  
  2KB
- MD5
  
  221b153dbdad3521bda7049b4496238f
- SHA1
  
  5c912f7c3d1bbde2b5c6036e89944201907b8295
- SHA256
  
  b5f4d1173a053476903d2a8e193fd710bd011065e30855e259494a13f7f9b2da
- SHA512
  
  6296d4a54203680a79de1833b22d35c3e9d3808063777653d53c07d1d09201cc4ad56f150d3419c32faf926ada9567b3acf4e6572bee6901db54f19747fec377
Score

10^/10

icedid 1060798742 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  o5p0se/o5p0se.dll
- Size
  
  675KB
- MD5
  
  b921650c429c994bc1e727607e725d23
- SHA1
  
  b8845c28e13925972646b5e1b4f1aa745ca96463
- SHA256
  
  3186e010f87176017d0cea8e23660b99ad5997261b2137abe42c9450671c6661
- SHA512
  
  deea8521e345f206e3822d1fdb696d5504db12e5e9256b5b70afc33d4f5d11a32a04e841d10798369088f0bf62eb8b2aec4857482339e1a8e115cb09d6f0a160
Score

10^/10

icedid 1060798742 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1060798742bankerloadersuricatatrojan

behavioral2

icedid1060798742bankerloadersuricatatrojan

behavioral3

icedid1060798742bankerloadersuricatatrojan

behavioral4

icedid1060798742bankerloadersuricatatrojan