icedid | da9808b8ff4cb35c22506256bdff6084738dd2027965f795ded5751021248f9b | Triage

Sharing

General

Target

20220829_ta578.zip
Size

162KB
Sample

220829-vfhh3addf3
MD5

afa71e01025babf04273d28f8a54c3ad
SHA1

d6bbc15837c2dbf0570c2d0f478d09dd5f06cc53
SHA256

da9808b8ff4cb35c22506256bdff6084738dd2027965f795ded5751021248f9b
SHA512

62d694ba431d77a27d66cc6eb8f7d26686af5c6ba545c9f1bc7a74d5f1d5ef7a8d8e5dfc201f507b55cfc5a1b615ce6c4d0896b7fe88779aca46fcdbc0b4ba04
SSDEEP

3072:IQjENa+i4s6aOvahvqDdv4LiFCMBMS2Z/NDPwp9ouoGCc5AUuLGuTfq6rxwOq:XIa36aaYvqxv4LileSiVPK9o65AaEqMa

Score

10^/10

icedid 2260774107 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2260774107

C2

godenfasternow.com

Targets

- Target
  
  5.bat
- Size
  
  31B
- MD5
  
  0a0cd27c010edcb08b934c40ac8cfaed
- SHA1
  
  9d8db196561e7ef52b2324560ab6e1f7ea206d62
- SHA256
  
  9e74609bc28e858af96a70ba0470efd010fe861b0af2a1a88cb8909cb1c0a879
- SHA512
  
  c8b644cdc71f5e45ca3af947f1a027479a8b5aae302b5852d382462b4bb5e29fa45a272f74eb8f89d2d5a0e466ca5f6a5ce1076ac43927ae8aa18e7cf85f5f14
Score

10^/10

icedid 2260774107 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  documents.lnk
- Size
  
  1KB
- MD5
  
  9629f10740cd3cb2765bb784d0e62dbc
- SHA1
  
  ef9019c89073520bdacc63bf93776fbe6a3d6aca
- SHA256
  
  e89cd1999517b47805106111e14de4a03669cac30adb3b3304655febce25955f
- SHA512
  
  094b0e4d4d7b6106e0b1cb4d32c124e62c691d3717af7b7a7bd3cb7d126adc33c79c816cc6ca00e162221804cf2b991d73159ff0b56a908fab5f7d6fa0a35e2a
Score

10^/10

icedid 2260774107 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  sterli0p.dll
- Size
  
  380KB
- MD5
  
  e9e5303e096a9ebaeba78b263606db4e
- SHA1
  
  a2464a65757e9b9908eb50d1f5e96482c3a55d65
- SHA256
  
  7e9363924e7474c720c067ea7fd84d2ef432d18f75b4f27da08fe8b797a4a503
- SHA512
  
  78ba25a072d401c3f07048da630f59734b23343a62e9e5158533a9f21b0457fb81d19767106ee69a8645ecc7dfa971d3c15e529686411361e1beefa755a7a265
- SSDEEP
  
  6144:aWV/m/2ucWBj0NM24rn2whH2paneB6W69yfue9+P024rn2XQ4LHvomnVyAy7SsB8:Z/ockjp24rn2whHdneB6WXue9R24rn2p
Score

10^/10

icedid 2260774107 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid2260774107bankerloadertrojan

behavioral2

icedid2260774107bankerloadertrojan

behavioral3

icedid2260774107bankerloadertrojan

behavioral4

icedid2260774107bankerloadertrojan

behavioral5

icedid2260774107bankerloadertrojan

behavioral6

icedid2260774107bankerloadertrojan