icedid | 0b9921dfa3983a6d7431b0b5549e24301eca202f4299512fbf93a89f8d6c756d | Triage

Sharing

General

Target

core.zip
Size

659KB
Sample

220818-vaw49scbb2
MD5

8ed36889c14c7a4972e8cee5b6c9f9a5
SHA1

5b2217cd8cd30178988ff7bb5109da1dd20d32a4
SHA256

0b9921dfa3983a6d7431b0b5549e24301eca202f4299512fbf93a89f8d6c756d
SHA512

fdf464aa3b32018299547e66ba9305649e6843320130747513103a47472a82a16d9dc0562f186f9e8c3b363766ba21597064b1b35b055d862929998418ce91b9
SSDEEP

12288:ES/Okw8R5CtDMEuW0UvC23nIuJx2iKpUOkQAF3lDRLdx5aWCMpmGMBa:DItQLW0CZ3xH2rAvllDN5ahtG

Score

10^/10

icedid 1573268852 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1573268852

C2

peranistaer.top

gruvihabralo.nl

klareqvino.com

ultomductingbig.pro

Attributes

auth_var
19
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  186B
- MD5
  
  449ca6f684e787e425d1078dbe5b3753
- SHA1
  
  5e20a80fecdd8393e163d09f71b857de0e5cff5e
- SHA256
  
  b3707c03eadf5cc88bd4c855ba3e85cb38617de8c3fe794ad56ce5557f385d68
- SHA512
  
  e97a20c9d73b774d1dcf9a7691a5d696e200c0b0587c3c80c1ea87c46e3f9282638c6f9acaeb716a75ee0a36e9a8a960291acf0a8aad52a50aa2f6624aa91ceb
Score

1^/10
behavioral1 behavioral2
- Target
  
  manage-32.dat
- Size
  
  325KB
- MD5
  
  62489cebb6033e2749011e7d8effd408
- SHA1
  
  c3182c9579b0d8e63e553fa8b60d42ef93e70791
- SHA256
  
  23c826496e972cff4eba404188232f6c646e5cb20034452750daddc24b8601a0
- SHA512
  
  8f14f565c534f8a094f4d541fc2e328d9ee4e99b574a377a9f075920eda0499dc793b6063e08e67644e29f04504b3bb28897af532c4a1ba53ca3645ced05f73d
- SSDEEP
  
  6144:BYHIOJqGYvkKBs+Tmg3lDRLdxblVukYt4l1sSfSmh9Q6Lj:BOkQAF3lDRLdx5aWCMpmG
Score

10^/10

icedid 1573268852 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid1573268852bankercore_loadertrojan

behavioral4

icedid1573268852bankercore_loadertrojan