icedid | 28661e4a0f43711df5b1637f6ee03046939db4991d56940e1e6e10425008232b | Triage

Sharing

General

Target

core.zip
Size

631KB
Sample

220816-vckh9aeeg4
MD5

02c9ea57ed860fdaeb7a610c023cab8f
SHA1

7f5bdc3df53bcf882dc7f83ff6a2e622633423d2
SHA256

28661e4a0f43711df5b1637f6ee03046939db4991d56940e1e6e10425008232b
SHA512

873498db1ba15435a476b0fb18e32cbc0e282e331e76ccfadafe73dbdc7a41c51c774bb8b74a1f9a8f195b01ffb19d482965dcce66480bd3fbf1225dd0cdad05
SSDEEP

12288:xJG2luCHeqmggNsf1+7H0vYmOkw8R5CtDMEuW0UvC23nIuJx2iKpZuh:y2lzBmjstD7ItQLW0CZ3xH2rW

Score

10^/10

icedid 2672825827 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

2672825827

C2

xikolaman.com

iboracarde.com

cementqbilly.com

qaderation.top

Attributes

auth_var
17
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  184B
- MD5
  
  a8d097c4b5b56a3b864107da9275de81
- SHA1
  
  631dad0d2d6cc7dd2add1dfc57a6717bc1dcd9c4
- SHA256
  
  c9598b2fde394149f3a1ee115a9576edf8ad789200271c130991b4d6fd948d4c
- SHA512
  
  e1b64017107ce35554847f02461acea5ab8f0ded5ff7e7360c483ff3748331e1af70bdce453772ad795849a08f1bf8789b23f58988a70a4191226548c7cf5843
Score

1^/10
behavioral1 behavioral2
- Target
  
  winter-.dat
- Size
  
  296KB
- MD5
  
  3767e2dad64d6b0ea14664acd2ba520c
- SHA1
  
  9809ff35c742adae6a009ec646ce8d74c7942a4c
- SHA256
  
  3ee4fc9da984841a49261c68d395e312fe8606f2e82e65c50b4462397e23d662
- SHA512
  
  a389831301c74c74ff85376bd96a9f8673a96dcc6c573acf03a1657758e6d6c362228a6e3d9d9e1bfc46046bc669c66d40e9312561b60ffc9d2371d931f905d9
- SSDEEP
  
  6144:IBrSluO9jEYztpSqmlzT+mpNsnDBVLQaqsc7H2PvY464:s2luCHeqmggNsf1+7H0vY
Score

10^/10

icedid 2672825827 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid2672825827bankercore_loadertrojan

behavioral4

icedid2672825827bankercore_loadertrojan