icedid | 9575b6d8481a6eed8cbe32cf1eeada4f1ee878051309a4dfec9a6dd47ec72a6c | Triage

Sharing

General

Target

Desktop.zip
Size

162KB
Sample

220829-wh8npschfq
MD5

3fb1a702650a24f629694136b8b07678
SHA1

eb4e1fdc5db4bf14b1fb778685cd7ffd24357f2d
SHA256

9575b6d8481a6eed8cbe32cf1eeada4f1ee878051309a4dfec9a6dd47ec72a6c
SHA512

c843bae89252a0cbbc3d8218eb207cb1f73556dd8ab8efac44d04a51abfac8c4c40ea5396ea987a8b91c0b19655bfdcbf198f304bef54c65aa597215663bd19e
SSDEEP

3072:CSe4+mmUFeSSioJ7vCgEa1QaGTn3xQ9tlgIXS6era64IxPx/E9+:jma49J7vHNaT3sRh8aJIxPx/K+

Score

10^/10

icedid 2260774107 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2260774107

C2

godenfasternow.com

Targets

- Target
  
  5.bat
- Size
  
  31B
- MD5
  
  0a0cd27c010edcb08b934c40ac8cfaed
- SHA1
  
  9d8db196561e7ef52b2324560ab6e1f7ea206d62
- SHA256
  
  9e74609bc28e858af96a70ba0470efd010fe861b0af2a1a88cb8909cb1c0a879
- SHA512
  
  c8b644cdc71f5e45ca3af947f1a027479a8b5aae302b5852d382462b4bb5e29fa45a272f74eb8f89d2d5a0e466ca5f6a5ce1076ac43927ae8aa18e7cf85f5f14
Score

10^/10

icedid 2260774107 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  documents.lnk
- Size
  
  1KB
- MD5
  
  9629f10740cd3cb2765bb784d0e62dbc
- SHA1
  
  ef9019c89073520bdacc63bf93776fbe6a3d6aca
- SHA256
  
  e89cd1999517b47805106111e14de4a03669cac30adb3b3304655febce25955f
- SHA512
  
  094b0e4d4d7b6106e0b1cb4d32c124e62c691d3717af7b7a7bd3cb7d126adc33c79c816cc6ca00e162221804cf2b991d73159ff0b56a908fab5f7d6fa0a35e2a
Score

10^/10

icedid 2260774107 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  sterli0p.dll
- Size
  
  380KB
- MD5
  
  45f75d18daa4a22193aacfc11014df87
- SHA1
  
  932c79ec1f5d7adcec6be29d27590a58f0628a16
- SHA256
  
  8abd086cc555878fc1648b74e5b20c590dad74b952e5aad67ee9863ababa5e18
- SHA512
  
  f371e1f1b29f2240d2f4493379419d46a1ed4121fe0ea3234a00c94ef93443c999957bc1f3da9b55ec573bc970dae0711ca82a8bd5381d73eab1f8f42cbd5afb
- SSDEEP
  
  6144:fCjwQMt24rn2QQcIU9ycLHvomnVomk81Wa+V7HH2424rn2bBnHIsWrXIy4tBuu8C:KjwQMt24rn2rcI9mk8nKHD24rn2tnHfj
Score

10^/10

icedid 2260774107 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid2260774107bankerloadertrojan

behavioral2

icedid2260774107bankerloadertrojan

behavioral3

icedid2260774107bankerloadertrojan

behavioral4

icedid2260774107bankerloadertrojan

behavioral5

icedid2260774107bankerloadertrojan

behavioral6

icedid2260774107bankerloadertrojan