icedid | 8a481ef6a4aae7aaf85ac7082a8813d32cbce4f0bc8c4059904e96c981dba6e3 | Triage

Sharing

General

Target

core.zip
Size

445KB
Sample

220909-t7653acdep
MD5

bccb11bfa1e02f9805b48ea51edde6bb
SHA1

1666b0f0e00ff92a96c2c4416cbeaa0fe0ccc94c
SHA256

8a481ef6a4aae7aaf85ac7082a8813d32cbce4f0bc8c4059904e96c981dba6e3
SHA512

d54ac19c7be23f50e9e9a38adce5e71f181fdf4ce03bfbb707d9fcf7f8cbf8eebfcd9bea0b7f84f8be1652926acdb9d9b52e80984473a84769a616c44ec2cc4d
SSDEEP

12288:orV6uURg7xsEkhxOyw8RXCt1MEuy0AvCUBnIuJxKiKYb:VQ+EkhLytWLy0utBxHKru

Score

10^/10

icedid 2603480109 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

2603480109

C2

atommonga.art

fathecomel.lol

Attributes

auth_var
2
url_path
/news/

Targets

- Target
  
  core.zip
- Size
  
  445KB
- MD5
  
  bccb11bfa1e02f9805b48ea51edde6bb
- SHA1
  
  1666b0f0e00ff92a96c2c4416cbeaa0fe0ccc94c
- SHA256
  
  8a481ef6a4aae7aaf85ac7082a8813d32cbce4f0bc8c4059904e96c981dba6e3
- SHA512
  
  d54ac19c7be23f50e9e9a38adce5e71f181fdf4ce03bfbb707d9fcf7f8cbf8eebfcd9bea0b7f84f8be1652926acdb9d9b52e80984473a84769a616c44ec2cc4d
- SSDEEP
  
  12288:orV6uURg7xsEkhxOyw8RXCt1MEuy0AvCUBnIuJxKiKYb:VQ+EkhLytWLy0utBxHKru
Score

1^/10
behavioral1 behavioral2
- Target
  
  core/cmd.bat
- Size
  
  176B
- MD5
  
  d4a852ee5daf247f443639b24565219c
- SHA1
  
  a08c0ec3df5306da3822d36d8c6bc751c5178e00
- SHA256
  
  63e8b1d569b0dc03c413e22c1f79b5ec315c33ce2b5cd45c3b3d566be9300acf
- SHA512
  
  97494e9f2beee3b26d8829227c323d4834a414e5a044336f4a4c27199a6dcec23ce9649b29e4a10ead774d14295eff3f0fa9bec36a14d84e36385c7f98db5519
Score

1^/10
behavioral3 behavioral4
- Target
  
  core/license.dat
- Size
  
  334KB
- MD5
  
  d79b38f4eeec42a014c9337f48ba3f2b
- SHA1
  
  287f00b634c2d24a9731ebb52c4d1c1067abf864
- SHA256
  
  1de8b101cf9f0fabc9f086bddb662c89d92c903c5db107910b3898537d4aa8e7
- SHA512
  
  32fa3bb6ab5c0ea1585fedcfbbfd803a394a5d792a90e4b7794b1234c40af19f2d3339b3e7253eb0b4e4256e024289d72f97af25587cced704a41a2ef3b5b5ad
- SSDEEP
  
  6144:yOanrw8uZ+iZN1CCtDRiDwqIC5QpzXEYbvC2NFnIuJxCJiSRNDTdsHB2eT:yOkw8R5CtDMEuW0UvC23nIuJx2iKpu
Score

3^/10
behavioral5 behavioral6
- Target
  
  core/occur64.dat
- Size
  
  272KB
- MD5
  
  db6db9aff66e3052ab123b3829e51435
- SHA1
  
  863cc5ba4a34050e1f419ab65a63a1816f257258
- SHA256
  
  b267d3ef98124f0d599c83e0107e4683cd7bc7a151428839ded8496abeecd1cb
- SHA512
  
  38d823c558fa36a08be6870648cce17e5bdb9288d3093f2a4cdc92507e08ae95cd16ece877977b7008bdd469e92eb9743556ad5c4082e4fecf94162840c46db9
- SSDEEP
  
  3072:7zUR7Ig+dhPI82QeI0q7AfVgNGZHfvrt38EbkcfmqS3qorSDP6tngCiq:7zUR7IndhgdTDqNGZHfDVbbvtU8YgCH
Score

10^/10

icedid 2603480109 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

icedid2603480109bankercore_loadertrojan

behavioral8

icedid2603480109bankercore_loadertrojan