icedid | d9207c37cdab01697d1431d0237d1fc7db1ef2f9db4731124b4f025cf5cc3420 | Triage

Resubmissions

21-09-2022 14:33

220921-rw846sgeb8 10

21-09-2022 14:30

220921-rt5zqscagk 1

Sharing

General

Target

Invoice(165)#09-21-22.iso
Size

1.8MB
Sample

220921-rw846sgeb8
MD5

eb2f677b8017e7df9e48bc907e606ee2
SHA1

57077c5203f7b9c82e805ebc207514d73747fc8b
SHA256

d9207c37cdab01697d1431d0237d1fc7db1ef2f9db4731124b4f025cf5cc3420
SHA512

dc4a056e21ee1e7acbd6f03a4cc82d40524cd4ef1ef6688ce2b69f2cfa827a8e73523c473865b081091236a1e89994439ca1b80cc3e47c0b9bc1f12873d569c1
SSDEEP

6144:imXcJHP7csJqGGCfXJo0w4wNfL75I2iiXUw0JFY4npeGF:jOHP7tJp0762QlA

Score

10^/10

icedid 1367965656 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1367965656

C2

nikolandfantazy.com

Targets

- Target
  
  Invoice(165)#09-21-22.iso
- Size
  
  1.8MB
- MD5
  
  eb2f677b8017e7df9e48bc907e606ee2
- SHA1
  
  57077c5203f7b9c82e805ebc207514d73747fc8b
- SHA256
  
  d9207c37cdab01697d1431d0237d1fc7db1ef2f9db4731124b4f025cf5cc3420
- SHA512
  
  dc4a056e21ee1e7acbd6f03a4cc82d40524cd4ef1ef6688ce2b69f2cfa827a8e73523c473865b081091236a1e89994439ca1b80cc3e47c0b9bc1f12873d569c1
- SSDEEP
  
  6144:imXcJHP7csJqGGCfXJo0w4wNfL75I2iiXUw0JFY4npeGF:jOHP7tJp0762QlA
Score

10^/10

icedid 1367965656 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

icedid1367965656bankerloadertrojan