icedid | 1c402e3946ab59f7a28729fd215b4fb79356df8e27056ab2510db9d41721eb13 | Triage

Sharing

General

Target

core.zip
Size

1.4MB
Sample

220829-we2qzseac3
MD5

72e9c2c604085c7658c4cf32567301a3
SHA1

9e19092f00355999492761807cd748af922f6f2a
SHA256

1c402e3946ab59f7a28729fd215b4fb79356df8e27056ab2510db9d41721eb13
SHA512

4b7a5cdedbd030fc63edcd71040237bff67b19c01c512a69adbe95fca851120b744a8778b87f919362cbc904eb6606a634849fc3ca048b409e7e77c339c01c08
SSDEEP

24576:RNonwe/0Yvuann9Rq95PIMn6JklcEItQLW0CZ3xH2rh:R+nwe/dnnn98gMnFlBItcWThy

Score

10^/10

icedid 1573268852 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1573268852

C2

peranistaer.top

gruvihabralo.nl

ultomductingbig.pro

crabsbolt.art

Attributes

auth_var
22
url_path
/news/

Targets

- Target
  
  beyond_x32.tmp
- Size
  
  374KB
- MD5
  
  32aea809a8a79c081bba57cb6084a168
- SHA1
  
  b14e327f69ed1a8695e1fcff7ffd952751793568
- SHA256
  
  22c114d82f2a146077ed94710852b9149a323ef9c880ed94f4f870794d160bc5
- SHA512
  
  ff1c4779cbdfde06ff191bb7671bf6610d57e4c561520ade7f752a0390c4182c9f5e7a8954ca50cca94376d19027467b77ad378fe83451276b281c89d3cba574
- SSDEEP
  
  6144:FpYvFeKyazeeHvomnVH0Inna0E4sWg24rn27Nu8ll24rn23oCJ9ymQH242V+JX7W:nYvuLJInna+sWg24rn27Nu8ll24rn232
Score

10^/10

icedid 1573268852 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2
- Target
  
  cmd.bat
- Size
  
  168B
- MD5
  
  2fb6e08cba2d5a078619da98f4d09615
- SHA1
  
  78fabd9e81455cab89eaa105b4517ecd91a4e259
- SHA256
  
  14ab1426f7a0ccf3087a89686c5c666e526ec03bca6e6f0e7a110c06f2c8da08
- SHA512
  
  74e95335097b1d6e8d6de9d56c9fb603fcdd8e43ea55f448fe82c6b6bc66948f36818e696af26629c20f4930777352583bf6f2339755ad9dcdb9c9b1d126c0e3
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid1573268852bankercore_loadertrojan

behavioral2

icedid1573268852bankercore_loadertrojan

behavioral3

behavioral4