icedid | e0720908490d4ef748061bd05833bfae66a529f50447e33a057a67745706231e | Triage

Sharing

General

Target

core.zip
Size

631KB
Sample

220817-sc787shafk
MD5

201ea8c70672be0acc85a0959cbcbc43
SHA1

e48db62472427e140b0a40f0b4ba774a6c5873f5
SHA256

e0720908490d4ef748061bd05833bfae66a529f50447e33a057a67745706231e
SHA512

f0a3d49f9685507d641927c9e32d0db0de7778fdb01d0ce472cd5f901f25cc15b1a54bbe4128b71c2f29d0808913fa8a83047ef3f5b4fb7161de40303c5e4740
SSDEEP

12288:jmb2luCHeqmggNsf1+7H0vY4Okw8R5CtDMEuW0UvC23nIuJx2iKpTRQ:a2lzBmjstDpItQLW0CZ3xH2rQ

Score

10^/10

icedid 2672825827 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

2672825827

C2

xikolaman.com

iboracarde.com

cementqbilly.com

qaderation.top

Attributes

auth_var
17
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  184B
- MD5
  
  a8d097c4b5b56a3b864107da9275de81
- SHA1
  
  631dad0d2d6cc7dd2add1dfc57a6717bc1dcd9c4
- SHA256
  
  c9598b2fde394149f3a1ee115a9576edf8ad789200271c130991b4d6fd948d4c
- SHA512
  
  e1b64017107ce35554847f02461acea5ab8f0ded5ff7e7360c483ff3748331e1af70bdce453772ad795849a08f1bf8789b23f58988a70a4191226548c7cf5843
Score

1^/10
behavioral1 behavioral2
- Target
  
  winter-.dat
- Size
  
  296KB
- MD5
  
  3767e2dad64d6b0ea14664acd2ba520c
- SHA1
  
  9809ff35c742adae6a009ec646ce8d74c7942a4c
- SHA256
  
  3ee4fc9da984841a49261c68d395e312fe8606f2e82e65c50b4462397e23d662
- SHA512
  
  a389831301c74c74ff85376bd96a9f8673a96dcc6c573acf03a1657758e6d6c362228a6e3d9d9e1bfc46046bc669c66d40e9312561b60ffc9d2371d931f905d9
- SSDEEP
  
  6144:IBrSluO9jEYztpSqmlzT+mpNsnDBVLQaqsc7H2PvY464:s2luCHeqmggNsf1+7H0vY
Score

10^/10

icedid 2672825827 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid2672825827bankercore_loadertrojan

behavioral4

icedid2672825827bankercore_loadertrojan