icedid | fe5a1e32294abbea8530e19c0475eb976dc609de0fd42bd7f17f8652252ce970 | Triage

Sharing

General

Target

core.zip
Size

602KB
Sample

220823-rs8n8sfcfk
MD5

c58b3063bfe5bac0422989e77af7a681
SHA1

4e9a0620d3366b7d160c897a06a620961edd8c89
SHA256

fe5a1e32294abbea8530e19c0475eb976dc609de0fd42bd7f17f8652252ce970
SHA512

db91a810616180c66a9bb01a0b23a9abbec30397bb490eff33b651519fc2d060cf750228a3dc1d77557371f00c59283527b0cece66de3985544cc70ae6134ac7
SSDEEP

12288:Uy4Okw8R5CtDMEuW0UvC23nIuJx2iKpGAIs7XumMQbMFGe2LXRz:8ItQLW0CZ3xH2rgTs7XZ6Ge2

Score

10^/10

icedid 904247735 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

904247735

C2

trionyball.com

clearhotbeafc.com

Attributes

auth_var
7
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  185B
- MD5
  
  5638425f54af93a9cfc570d5885f6132
- SHA1
  
  f860be21279d7efe3942a4de1612f3c0c0afec78
- SHA256
  
  24263d4004e538f92e9c808c1394074992a7faa89ca2b22f30e343bb4a21284d
- SHA512
  
  46331faffe5168ccd46aa035c6b0f8d4e5202c9e3de8ca8faa0e6eeb69d3de8d97370a303d3048c9b5c500ca336b48abfe5e018f7e61d1da7beb54805eff2ffe
Score

1^/10
behavioral1 behavioral2
- Target
  
  intact64.dat
- Size
  
  267KB
- MD5
  
  c271f70b63d1b613b25899b1209abc06
- SHA1
  
  12469d81526cd1f533182374405ab139114b3e9b
- SHA256
  
  957400c86c054140d70f42a69b93dfccf9f920caa765b23181988c4ae6df9788
- SHA512
  
  ba67ff5ab0f1098f0d23f2636680052fd1940b02c3ce6b9cd9faa433dcec409bf937c08f674cd7a489997da4a24e223eab38fba0ad18b9984db797a73d5f8313
- SSDEEP
  
  6144:L/AUf7s7qS3rdGtv3UiAXMQpdMXVGxkqo4ZLcr:jAIs7XumMQbMFGe2L
Score

10^/10

icedid 904247735 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid904247735bankercore_loadertrojan

behavioral4

icedid904247735bankercore_loadertrojan