icedid | 355884907e4b172c18a96d4788616c524e5398a4639a45b4aaf71bd467ca819a | Triage

Sharing

General

Target

Aug.31.2022.zip
Size

158KB
Sample

220831-vhb43aahd8
MD5

0d8696c674fb37c34c3f1f936209947b
SHA1

aafc810e6980afec8bd5bac87f03a7cdecf25189
SHA256

355884907e4b172c18a96d4788616c524e5398a4639a45b4aaf71bd467ca819a
SHA512

53acd4aa6bf99b02d6c048eaaea65f06649f711efac17e7bbacb3ef4f9443cf156580611402ea572524d6db55dda01ee778defb3f0955e6867ee8b3d600985c6
SSDEEP

3072:XUZgiy/QSY9GaFEWd2c+UrcdSYwqUtyfFPcwv16q7ofo:XzKGaFnUc+UrZYdDfywvAq7l

Score

10^/10

icedid 2260774107 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2260774107

C2

godenfasternow.com

Targets

- Target
  
  5.bat
- Size
  
  31B
- MD5
  
  0a0cd27c010edcb08b934c40ac8cfaed
- SHA1
  
  9d8db196561e7ef52b2324560ab6e1f7ea206d62
- SHA256
  
  9e74609bc28e858af96a70ba0470efd010fe861b0af2a1a88cb8909cb1c0a879
- SHA512
  
  c8b644cdc71f5e45ca3af947f1a027479a8b5aae302b5852d382462b4bb5e29fa45a272f74eb8f89d2d5a0e466ca5f6a5ce1076ac43927ae8aa18e7cf85f5f14
Score

10^/10

icedid 2260774107 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  documents.lnk
- Size
  
  1KB
- MD5
  
  9629f10740cd3cb2765bb784d0e62dbc
- SHA1
  
  ef9019c89073520bdacc63bf93776fbe6a3d6aca
- SHA256
  
  e89cd1999517b47805106111e14de4a03669cac30adb3b3304655febce25955f
- SHA512
  
  094b0e4d4d7b6106e0b1cb4d32c124e62c691d3717af7b7a7bd3cb7d126adc33c79c816cc6ca00e162221804cf2b991d73159ff0b56a908fab5f7d6fa0a35e2a
Score

10^/10

icedid 2260774107 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  sterli0p.dll
- Size
  
  380KB
- MD5
  
  bbb770bfe406623ebc8723d8a8e8cc16
- SHA1
  
  14366c06fa6fb5573174b81433f54ee5a583c693
- SHA256
  
  393ebe76e38c507b53fd22b0df7ffbbf355b4f2ac7c44863a8b4721dd9dda1f7
- SHA512
  
  dee10df1424b8f31650d919eb1e840b0aa355f8d1b94463feb6657e7a0a956cbb92bf32b69aa8399020fce72c02749721f5b33f9d500ff02a54464f3504b2d79
- SSDEEP
  
  6144:uWV/C/2ucWBj0NM24rn2whH2paneB6W69yfue9+P024rn2XQ4LHvomnVyAy7SsB6:F/8ckjp24rn2whHdneB6WXue9R24rn2/
Score

10^/10

icedid 2260774107 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid2260774107bankerloadertrojan

behavioral2

icedid2260774107bankerloadertrojan

behavioral3

icedid2260774107bankerloadertrojan

behavioral4

icedid2260774107bankerloadertrojan

behavioral5

icedid2260774107bankerloadertrojan

behavioral6

icedid2260774107bankerloadertrojan