icedid | dc11495140fc315205e536c512bb208dc1c0db080ca163251bed2f511a8893ad | Triage

Sharing

General

Target

stolenImages_sample2.zip
Size

466KB
Sample

220706-v5sekafdek
MD5

62e232c89bbacc82ac25428d49fdaf73
SHA1

7ce321b52953a102ce36909b91eba077790a7b4b
SHA256

dc11495140fc315205e536c512bb208dc1c0db080ca163251bed2f511a8893ad
SHA512

42cb0e33c01f8176827f634389ec989f60c55cfe27213b4619f972a37dafb41f5197d642a9905446be767da120adfb05513f307b5b5790ef0862af4bb8c7acbf

Score

10^/10

icedid 1044021123 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1044021123

C2

carismorth.com

Targets

- Target
  
  documents.lnk
- Size
  
  2KB
- MD5
  
  73a8d2488fda1347130de9f0efec4f6b
- SHA1
  
  e5bc7521dbfe149fa8f6df6a0ce5e5d99223a3d0
- SHA256
  
  2254ed69e23e3f357b4283a055d0841d77c298c30052113b8e4a841d5b5b66ab
- SHA512
  
  d2003816e2e8114e4c5f8aec410c6694d733b818d63d66b4a1d8bd78bf25eba8cb5f3f260efee8709322031475796e9ef7a835928fbdb27a9c6cb8fbe6e97130
Score

10^/10

icedid 1044021123 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  hertbe.dll
- Size
  
  812KB
- MD5
  
  d03775865c90131c3e57f535594347e9
- SHA1
  
  31bbcce546094c4f225d1c6fa699ab1a6f4d9687
- SHA256
  
  bae7251096be5fc53cc6e893c7c951933b0bdd6e6e16e77612c06cc742032ace
- SHA512
  
  af9bae2a23da371e76b5b4930a06bbbafe673642af5021c6adbd7b1dc4e4c40ef4fccfcf91ec797c95b6e083a6c712dfb8e781dddaeea693d4f59ec3a974a0f4
Score

10^/10

icedid 1044021123 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1044021123bankerloadersuricatatrojan

behavioral2

icedid1044021123bankerloadersuricatatrojan

behavioral3

icedid1044021123bankerloadersuricatatrojan

behavioral4

icedid1044021123bankerloadersuricatatrojan