icedid | bf2ccde7038ac86455d499d9441363ae35599b48903847e02cf461164c1b533f | Triage

Sharing

General

Target

core.zip
Size

708KB
Sample

220827-ab3yzscda9
MD5

b384913841c238637b9a7a3da2679630
SHA1

639fa1abc07b4dab26c15138e1a74c33af126c68
SHA256

bf2ccde7038ac86455d499d9441363ae35599b48903847e02cf461164c1b533f
SHA512

798469400e098e3cbbd54a6fac60f8eff1bc6cce4968bf198fc7bf1591cf7916802f5db8a2b23c4003fd724492fdbb235ff44d11551a5175be778a1f18f250c9
SSDEEP

12288:J3bYvuLJInna+sWg24rn27Nu8ll24rn23oCaHeKLOkw8R5CtDMEuW0UvC23nIuJS:ZYvuann9RqyItQLW0CZ3xH2r9

Score

10^/10

icedid 1573268852 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1573268852

C2

peranistaer.top

gruvihabralo.nl

ultomductingbig.pro

crabsbolt.art

Attributes

auth_var
22
url_path
/news/

Targets

- Target
  
  beyond_x32.tmp
- Size
  
  374KB
- MD5
  
  32aea809a8a79c081bba57cb6084a168
- SHA1
  
  b14e327f69ed1a8695e1fcff7ffd952751793568
- SHA256
  
  22c114d82f2a146077ed94710852b9149a323ef9c880ed94f4f870794d160bc5
- SHA512
  
  ff1c4779cbdfde06ff191bb7671bf6610d57e4c561520ade7f752a0390c4182c9f5e7a8954ca50cca94376d19027467b77ad378fe83451276b281c89d3cba574
- SSDEEP
  
  6144:FpYvFeKyazeeHvomnVH0Inna0E4sWg24rn27Nu8ll24rn23oCJ9ymQH242V+JX7W:nYvuLJInna+sWg24rn27Nu8ll24rn232
Score

10^/10

icedid 1573268852 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2
- Target
  
  cmd.bat
- Size
  
  187B
- MD5
  
  fcfd27ec4fb2d4f7d988b15da6cc02c8
- SHA1
  
  0aefd23617dda369f19b8264c2affd9a185eed97
- SHA256
  
  1aadfec2e8aa15429672f3f0cd7d6c68b85fe2b363025ee2c2fa57f07bc1c679
- SHA512
  
  cba889bcc22339d8388ba5cd1885a3408cad040dbf0a1d0711c922f8a445db0d4375e22a11be6e7a76ec63094dfa62d4108ab06fe14dcb861eba46f49cf34328
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid1573268852bankercore_loadertrojan

behavioral2

icedid1573268852bankercore_loadertrojan

behavioral3

behavioral4