icedid | 1a5c3b26d1e99e9a3b279dc0f298efc93e362302ddca353ab6607d39f50a2028 | Triage

Sharing

General

Target

core.zip
Size

602KB
Sample

220823-d32rsahadj
MD5

04eac8b455c459dc4492e7fc4bc9b0ac
SHA1

2579ca705b18cd013705120b46e1efea6d7207ed
SHA256

1a5c3b26d1e99e9a3b279dc0f298efc93e362302ddca353ab6607d39f50a2028
SHA512

53be015e07b101641358c1f40e55162965a30d79c7659e9902271b1d3980f0359a4224f4f04b09a559a08b88360067aa51de977e37c1f4c8f97bbe4168b390d1
SSDEEP

12288:eEfOkw8R5CtDMEuW0UvC23nIuJx2iKpTAIs7XumMQbMFGe2Lp3B:vItQLW0CZ3xH2rFTs7XZ6GeE

Score

10^/10

icedid 904247735 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

904247735

C2

trionyball.com

clearhotbeafc.com

Attributes

auth_var
7
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  185B
- MD5
  
  5638425f54af93a9cfc570d5885f6132
- SHA1
  
  f860be21279d7efe3942a4de1612f3c0c0afec78
- SHA256
  
  24263d4004e538f92e9c808c1394074992a7faa89ca2b22f30e343bb4a21284d
- SHA512
  
  46331faffe5168ccd46aa035c6b0f8d4e5202c9e3de8ca8faa0e6eeb69d3de8d97370a303d3048c9b5c500ca336b48abfe5e018f7e61d1da7beb54805eff2ffe
Score

1^/10
behavioral1 behavioral2
- Target
  
  intact64.dat
- Size
  
  267KB
- MD5
  
  c271f70b63d1b613b25899b1209abc06
- SHA1
  
  12469d81526cd1f533182374405ab139114b3e9b
- SHA256
  
  957400c86c054140d70f42a69b93dfccf9f920caa765b23181988c4ae6df9788
- SHA512
  
  ba67ff5ab0f1098f0d23f2636680052fd1940b02c3ce6b9cd9faa433dcec409bf937c08f674cd7a489997da4a24e223eab38fba0ad18b9984db797a73d5f8313
- SSDEEP
  
  6144:L/AUf7s7qS3rdGtv3UiAXMQpdMXVGxkqo4ZLcr:jAIs7XumMQbMFGe2L
Score

10^/10

icedid 904247735 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid904247735bankercore_loadertrojan

behavioral4

icedid904247735bankercore_loadertrojan