icedid | 6880bb0870d5055dd53aa48318677d6f5effaacd946ae9fb5ef345bebf622a57 | Triage

Sharing

General

Target

core.zip
Size

617KB
Sample

220824-rjvq1sedcp
MD5

2555267b18ef4039d8c4dcae49ce40ed
SHA1

9a3407e0f2f4f9a64cb059c65ce066da48f0b6e5
SHA256

6880bb0870d5055dd53aa48318677d6f5effaacd946ae9fb5ef345bebf622a57
SHA512

32aad90103c4989a61be1071965dfb130937410e1f2b404282cca39ecac81fff0a5b4cd2c8eea00973302583b91c5c90ee332699bd2f5f4f84244d8280b229c4
SSDEEP

12288:WR4lhcI/O1OQtCZFeWOTpOVsR+Okw8R5CtDMEuW0UvC23nIuJx2iKpi+A:lP1/O1OQyFpOTpY0oItQLW0CZ3xH2r6

Score

10^/10

icedid 3524611504 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3524611504

C2

wronigrabs.com

nokainptisarda.com

Attributes

auth_var
19
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  186B
- MD5
  
  ed508bb2d64d183a031529369c381ca0
- SHA1
  
  2cf761161524892d54dd1eb628a37f39c4e441c0
- SHA256
  
  f64c69b3f00c372a236881e34d861dc52817e7f03847fd156c70ee316b12a802
- SHA512
  
  c30cecd1f9f8565a0a4f24f8cc1422dfe55cc038e3bfab9ce9b8879a47d263bfc0a1c4938aee363ace275ed9577e6772eefc0905024eee1034c6af7f45788086
Score

1^/10
behavioral1 behavioral2
- Target
  
  stove_x32.tmp
- Size
  
  283KB
- MD5
  
  57070e0b51dca9c3037d9e1c5fb4e465
- SHA1
  
  34e0923c5cc19e0d0092180f97e912121e23fe93
- SHA256
  
  8e69a8102c4c28f174f498d063cb4f7b92300888cdf696de04c6497525410e06
- SHA512
  
  6f25a912b645b84f15623dd1f4faf7d26e8000892483c3046588f6b828a40a93cb3ea9e47110ba97d38d2d6b0e2114158c868477e3b4a80f95d159e2c845f648
- SSDEEP
  
  6144:el9BZZiIZdhgQa1OQtC/53ZT4H/rqKCgTpKhR/sREA:elhcI/O1OQtCZFeWOTpOVsR
Score

10^/10

icedid 3524611504 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid3524611504bankercore_loadertrojan

behavioral4

icedid3524611504bankercore_loadertrojan