icedid | 6f1b9bf0e7a14fa84bdb676b30eb92644dcfae7c42b10794b7ca88851bfe5921 | Triage

Sharing

General

Target

stolenImagesSample.zip
Size

387KB
Sample

220706-vv9k4ahea2
MD5

70b2a9977d72e967a37e5d965fb52c3d
SHA1

cbc2d35ba156dcfe6772da79bb439b466089ac88
SHA256

6f1b9bf0e7a14fa84bdb676b30eb92644dcfae7c42b10794b7ca88851bfe5921
SHA512

9a6caacc73a5588df6c583832c4455354867574e7be53d3d7a2d92050ff7ec84c15a244c672ce4f4a8b73eb2ef23a250db8f3e22d597c531a1b005bb96253432

Score

10^/10

icedid 1060798742 banker loader suricata trojan

Malware Config

Extracted

Family

icedid

Campaign

1060798742

C2

carismorth.com

Targets

- Target
  
  documents.lnk
- Size
  
  2KB
- MD5
  
  221b153dbdad3521bda7049b4496238f
- SHA1
  
  5c912f7c3d1bbde2b5c6036e89944201907b8295
- SHA256
  
  b5f4d1173a053476903d2a8e193fd710bd011065e30855e259494a13f7f9b2da
- SHA512
  
  6296d4a54203680a79de1833b22d35c3e9d3808063777653d53c07d1d09201cc4ad56f150d3419c32faf926ada9567b3acf4e6572bee6901db54f19747fec377
Score

10^/10

icedid 1060798742 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  o5p0se.dll
- Size
  
  673KB
- MD5
  
  55d9ce94281b789ebb0f90e5cf704eb7
- SHA1
  
  2a0a5a1d41587efb9c927d5d2c2fe989e0b9ed08
- SHA256
  
  141b5ac38343d2856ee309e943cb64026d16234b70c46212d5e9febe4b95d39e
- SHA512
  
  8910879bc7c36b734698ff7355885c859b88cc5403098b612bb7cc2919f5980535860a9f79def1f7b6504ae937b4bf4599af7b5ca6938695c412c177997db0d8
Score

10^/10

icedid 1060798742 banker loader suricata trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata: ET MALWARE Win32/IcedID Request Cookie
  suricata
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1060798742bankerloadersuricatatrojan

behavioral2

icedid1060798742bankerloadersuricatatrojan

behavioral3

icedid1060798742bankerloadersuricatatrojan

behavioral4

icedid1060798742bankerloadersuricatatrojan