icedid | e7260e6e501fb02f1da73e5eec216b807c6a4c3af1a186376b19110c348efd6e | Triage

Sharing

General

Target

core.zip
Size

656KB
Sample

220901-sbqb1ahda6
MD5

deb7fc675bc8db951f2e570c2f66c5c9
SHA1

36bc2986402ee15304b691df73436b7a865affbd
SHA256

e7260e6e501fb02f1da73e5eec216b807c6a4c3af1a186376b19110c348efd6e
SHA512

66e47186ff7d2edb32fc32e5f9f66c85d6b53f357a3d716c8f8903615c49cb29c8c0cfeb585fb2aac9d2520aba67b2c18bb8854b1f9a87271b6dac84296376e5
SSDEEP

12288:ZtYNa7gNWOkw8R5CtDMEuW0UvC23nIuJx2iKp92B:MNa7TItQLW0CZ3xH2rU

Score

10^/10

icedid 2672825827 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

2672825827

C2

cementqbilly.com

qaderation.top

dilopmeska.top

zroybalkane.com

Attributes

auth_var
22
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  168B
- MD5
  
  7faeccf57e75a2c988f74376213464b1
- SHA1
  
  3025f329b356ed4770ea7a5936d86e370f9f0781
- SHA256
  
  bf4eeb7256be831aea159106daa46ef9f38350e4a15eef276796b6ff9f239800
- SHA512
  
  fc6f4bab019bbe29cfca9ac564da6de40afde0fe9c9947ae4f73559813de7fbac8416c337c741441921f96d240006f50983f250a36881657dcf123ffb0f7283e
Score

1^/10
behavioral1 behavioral2
- Target
  
  meadow_x64.tmp
- Size
  
  321KB
- MD5
  
  6419c9de91fd95904fb3f2e1b6352501
- SHA1
  
  e8e171399abd5f092d55dd71ce52ea9e4ed3121e
- SHA256
  
  b52131f2f6127729d0c39b47a366d6795582b4fa148610f1cb706e48ff875d34
- SHA512
  
  97987a06a53442f07323c4070e1fb2613300bf478b56d37b1c6a8def54b60ab1929ac3c5c13e2de7db33c07c39d752311569698405848f7c4b1389692bf0228b
- SSDEEP
  
  6144:lCNvFl6Spkhd/c+FZCG6w52ogSEHENKC36M0:INa7gN
Score

10^/10

icedid 2672825827 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid2672825827bankercore_loadertrojan

behavioral4

icedid2672825827bankercore_loadertrojan