icedid | 04d74d28b319a1c8dc8fe61710ce449ce0eaf94f81ca05d44fa1063eee324844 | Triage

Sharing

General

Target

core.zip
Size

400KB
Sample

220907-sfefashfbr
MD5

4e3be881708d33bfb919f1c4e1df33a4
SHA1

adbad35a5e3fad20404adc7ba4f74f5f2d4fc674
SHA256

04d74d28b319a1c8dc8fe61710ce449ce0eaf94f81ca05d44fa1063eee324844
SHA512

bed799ca737a0b683ba7a850d1c679656f383cfaeb6fc2f590b92e9663d264322821f68f09999d862db39ffee31dd18a7b4dd213fdec0a9a0a2cae7cd0be9162
SSDEEP

12288:oaFOkw8R5CtDMEuW0UvC23nIuJx2iKpyoJAiNstN:hItQLW0CZ3xH2rAKxN0

Score

10^/10

icedid 3524611504 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

3524611504

C2

wronigrabs.com

nokainptisarda.com

Attributes

auth_var
23
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  164B
- MD5
  
  afd6b8adc524d747e092b1d547da12e1
- SHA1
  
  0e2a75042c08b77acdff76b43504f94cfbda9283
- SHA256
  
  de789b9fee23895501872156ddfb2001f5948b9b4ba9800f13e20edbb5478c82
- SHA512
  
  66eb55b013253ad899fe1f20488328c73fecc9083e638a0620da1fe2fbe1002c1c5d0882abc783b919fce28476e0016513306fc1c49bdd2f51a5b5efaebbf82b
Score

1^/10
behavioral1 behavioral2
- Target
  
  tagx64.tmp
- Size
  
  66KB
- MD5
  
  12c02419eb18170261cbadfaaa32d405
- SHA1
  
  46b04de423696ad4e9e6d882d9d908da59ee3238
- SHA256
  
  dbbfcce4de60d01b8679956f0fb3f454e6987378a2ce2bf9e2ca7a7efbc334cc
- SHA512
  
  e663d8ae5c8be479be3572fa845927760e41ced9c325f8a55d34227d0e6495172bc9817d3861e36c500a61951784627e6422f77b2a47ea2800a04477b265963a
- SSDEEP
  
  1536:5huTBzDeNcLaSAQ/zC+XozehwqVFqhvNUwKhZIB4oakxce+h57:5hSzDeNc6OXJLsN2ZIiNh5
Score

10^/10

icedid 3524611504 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid3524611504bankercore_loadertrojan

behavioral4

icedid3524611504bankercore_loadertrojan