icedid | e250c4fa1f402547845a328b4ea7c8e8af2fa73e32dde0aa3cb782262faf1064 | Triage

Sharing

General

Target

h1mor3.zip
Size

456KB
Sample

220706-vcmzdahbg3
MD5

ad7b3d8a995a3a326a3c2694b1a759b1
SHA1

073798c81d601e820bfe5fd2ffee703afd1a276c
SHA256

e250c4fa1f402547845a328b4ea7c8e8af2fa73e32dde0aa3cb782262faf1064
SHA512

a99a438aaed01e2d8541d19f233ca49b3206d6067e9896a0c5719da5d26a3b92eb240cbd7d68835b0a318499ebec52d79e4bcda55054ed99dd7f48ad2eb0504a

Score

10^/10

icedid 4105767744 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

4105767744

C2

frodupshopping.com

Targets

- Target
  
  h1mor3/documents.lnk
- Size
  
  2KB
- MD5
  
  21d1b6bbdf3b78678beb355220365222
- SHA1
  
  7444806f4739b1b33f4f1d008f0493863b77f8ea
- SHA256
  
  505a6950fda3c810bb1847bd0e11a49cf1b20e57cdf8c7817e58d27e075453a2
- SHA512
  
  13e976c2d2b1096b675f983baf18a960b2300a1ec52bdd609ba6483eb126092c80249a01971ccfea22347e2fbddc746b0ae26d77471ab40899c722aa3c918ac2
Score

10^/10

icedid 4105767744 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  h1mor3/h1mor3.dll
- Size
  
  815KB
- MD5
  
  31b27506a6ece8dd09db6013e2ef2148
- SHA1
  
  e61221453335166db950f31a502820365ffd1dfa
- SHA256
  
  c1dbcc795995afe6927bf569863826844fb445de17e8e2fc1fea7531da7b2952
- SHA512
  
  10c81ebef645127b6e191f9798dddddf096ee7c666f5b8bb420924602a534eae5cddbedf34a245950cf3e074bbde2b3d3a8c0d5ac56a49b26fed72b1246e2d3f
Score

10^/10

icedid 4105767744 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid4105767744bankerloadersuricatatrojan

behavioral2

icedid4105767744bankerloadersuricatatrojan

behavioral3

icedid4105767744bankerloadersuricatatrojan

behavioral4

icedid4105767744bankerloadersuricatatrojan