icedid | 10500913768a5fd78562b91bb314ffd53ef488f5bbe89e329918c2e817b4f937 | Triage

Sharing

General

Target

core.zip
Size

564KB
Sample

220825-qyyksadgdj
MD5

fb2703dba10bd4e6c942b2a9d5a771c9
SHA1

9e52d31070522d3431034095238c78df4d01c391
SHA256

10500913768a5fd78562b91bb314ffd53ef488f5bbe89e329918c2e817b4f937
SHA512

eeaee2106f257dedc124e68e789c9f781731bb3ad36f05d4c3214eef213e60d0db8ce3c4fee0d5b8871da51b36b56a263fd9ed9435767441238a1defb87869d3
SSDEEP

12288:OmvASC76nku6x/e3Okw8R5CtDMEuW0UvC23nIuJx2iKpS1D:f3C76nd6x/cItQLW0CZ3xH2rC

Score

10^/10

icedid 3681413287 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3681413287

C2

iionadred.com

hidozwerav.com

seatforillosa.com

carprisesr.com

Attributes

auth_var
14
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  187B
- MD5
  
  9d2a4f3ab1024e70fe68eec0ee9c0077
- SHA1
  
  70046291bdb9d6bd33a767aa3d530e6297e77fe1
- SHA256
  
  0cd353c820425a04408ccf25fd843d20bd7cc9946bde06fad1662a7a795d87d9
- SHA512
  
  95c00d528ab75f164f245d444ea15747456bd7072bb01e871105946c8e53f06ef27143d66a87958f776bcb7a7bd5fc3342cfa78ab4114bb2c6eb7018a60022a2
Score

1^/10
behavioral1 behavioral2
- Target
  
  spatial_64.tmp
- Size
  
  229KB
- MD5
  
  0da038369894eac14506a8439a548aca
- SHA1
  
  13c92034699faa2f0df46b7a50cb00c35b5078f0
- SHA256
  
  f5fb02f92ff4e3ca19cf34c42d208efdf79c497cbaa204dc5c97e6c7d335fad8
- SHA512
  
  2798bc192d2a7593de431c874a3144f636ac88816f3769c0dd576d4fefa0ea88e1abdd8fe23856878622041fe3805ae3bf73ec35ba16ec3f734360edcc490519
- SSDEEP
  
  3072:r9nf4S8XjguPLcglLgktfRqQ0xtLfj4ZDSIpTt813vMJ4m0kBWObmg8TjTq+PSrl:rxASCD76CwkuPix/e
Score

10^/10

icedid 3681413287 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid3681413287bankercore_loadertrojan

behavioral4

icedid3681413287bankercore_loadertrojan