icedid | 4cfb03ec2dc2df83588e6b9c60625aab61833cd669001219b042891180602322 | Triage

Sharing

General

Target

core.zip
Size

736KB
Sample

220831-tkhh7aadb2
MD5

9d0fc29c2ae375c6d72d6fc29fa9b0fd
SHA1

3976a2846c42bc58270b92ce3569e01caa7ddaf8
SHA256

4cfb03ec2dc2df83588e6b9c60625aab61833cd669001219b042891180602322
SHA512

71fd88aecd7bf7d1029bddb52fc7bb3d5b7ff303312a6ac99ca62c02ef15fee8e1b0e4e94181d7faaedc13bcdf8a2ff8dd698e0d34049c136ef629937085d98a
SSDEEP

12288:CDZfDVPf5CKrKzscUTc2qOkw8R5CtDMEuW0UvC23nIuJx2iKpSw5:GDV/cItQLW0CZ3xH2rZ

Score

10^/10

icedid 310022019 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

310022019

C2

plorinnoult.com

cmbaindesureshure.com

assigdedrigme.cyou

empladeefly.wiki

Attributes

auth_var
23
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  166B
- MD5
  
  f8f1b7d082a6230faa74df702314ccf6
- SHA1
  
  170a01d359961d394854e8f80a659c2b778e301f
- SHA256
  
  b09fbf9324910099483ae25e73ef34b9de2ce167c0f7287d46b598d57bcd836d
- SHA512
  
  7dc67953ec9fb99d048962ee50f27a9664d81b235cf3606f0a52089ec190541dc49d5e6f37a5e3a753a0c52112f564af83ea075a510cf15601ec5f6f94283288
Score

1^/10
behavioral1 behavioral2
- Target
  
  erupt_64.dat
- Size
  
  401KB
- MD5
  
  d586f9807bbefbcf99b9d49a266246d1
- SHA1
  
  370104a5d2fa05a497807653c6938cc5aff3f994
- SHA256
  
  50f5f64ad9e5a10e40a76714b6ead5baf730a0768a5e3d9f5aa590cf511dd472
- SHA512
  
  956c463939f1e342835d204198624ac570787bb9a79d23319173c2f14beff49db11b9a04c25b56ff82856ff5cd1e8416a212a176f1140243d226547326ca25ce
- SSDEEP
  
  6144:R2Y8S6VZVe6Pf5CKRuT+KjDDscQtTcfO3eBwvuQ6:YfDVPf5CKrKzscUTc2
Score

10^/10

icedid 310022019 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid310022019bankercore_loadertrojan

behavioral4

icedid310022019bankercore_loadertrojan