icedid | 49baabcb1c85c72d79fcfda449349253cdcb87abc3ab0f365847a3ed6cba6d68 | Triage

Sharing

General

Target

core.zip
Size

1.0MB
Sample

220913-tjpacagab7
MD5

ba307264d1b0f8594cfbfad597570c5e
SHA1

fbeba6a2b7ecf784af17679dfd138106229a0588
SHA256

49baabcb1c85c72d79fcfda449349253cdcb87abc3ab0f365847a3ed6cba6d68
SHA512

67d8692b66c1b7892291459519e3ab568158ad1acc24734157802c1327bb5f19608352edf71d1bbe3978d73ace5eeec155838bcfd5a92f0e4f040c4f96e13080
SSDEEP

24576:AkhKLuC2Rkj6y8N1ArcqQj7uJuvvItQLW0CZ3xH2rR:AkhMuC2RkjIKrcqQfuJuvvItcWTh4

Score

10^/10

icedid 536628885 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

536628885

C2

azuretron.wiki

cantfluing.autos

Attributes

auth_var
2
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  187B
- MD5
  
  7af159bdbdb76688581928c02f50f530
- SHA1
  
  19353fe45da40293417021d98969456de4911c29
- SHA256
  
  4b76ce09dde6ae61ae4c2ec17ec88fd21bc9ae1aea2ca10a56c7a448bc7fe45f
- SHA512
  
  381a8888bdfb75c4e16cabd67d014b4d914b887f64b97b3021de078068e6d575958ee5c67d4ba1b21148f5ef74b4aa663b28889c2eea226ad559428aac10d1b4
Score

1^/10
behavioral1 behavioral2
- Target
  
  whalex64.tmp
- Size
  
  693KB
- MD5
  
  5f9c93cc3bde2755cde50e744528238c
- SHA1
  
  9b474374ee788c23d60fc5ad1d94383b734a0a0f
- SHA256
  
  e17f446ec29eb378fdfc7edb8662a49819592a16c72891c69df6b47506525827
- SHA512
  
  0369ae1e429580a23ccf99e479cf5f00ff25f655eca7e242cb8a290c7e763d9609f11c6195b32f218604797b029a0799ea162c2c3ea3c892cde031867045a67b
- SSDEEP
  
  12288:EGOzqVhKLuC2Rkj6y8N1Arcqmtm1107uJtC9BSEF:okhKLuC2Rkj6y8N1ArcqQj7uJuv
Score

10^/10

icedid 536628885 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid536628885bankercore_loadertrojan

behavioral4

icedid536628885bankercore_loadertrojan