icedid | 0a7f377d19ba4c93d523af53cd58cbb00d05e070823d6ce6c967990d40cfcaa1 | Triage

Sharing

General

Target

plenitude.db
Size

532KB
Sample

220926-vmdtfsbdd5
MD5

c98a6f9e8a1118650945086e7064a2b7
SHA1

4b40e46398e48350af80692105c65d87342f6140
SHA256

0a7f377d19ba4c93d523af53cd58cbb00d05e070823d6ce6c967990d40cfcaa1
SHA512

1b66d5bbc0e4669e1ce48a894e78c61857ab3444ac59833c8b394a5b47fe5a0110038e4ceea12e9c1086a28356d5065334b00a1a1bd1ef4d4118b9627ac02ddc
SSDEEP

6144:C+86v2VKRnZEvCijwzDv35F5+Djwy/QCn5drokAieihT:C0v6vCij+3yB31BT

Score

10^/10

icedid 2537954433 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2537954433

C2

scainznorka.com

Targets

- Target
  
  plenitude.db
- Size
  
  532KB
- MD5
  
  c98a6f9e8a1118650945086e7064a2b7
- SHA1
  
  4b40e46398e48350af80692105c65d87342f6140
- SHA256
  
  0a7f377d19ba4c93d523af53cd58cbb00d05e070823d6ce6c967990d40cfcaa1
- SHA512
  
  1b66d5bbc0e4669e1ce48a894e78c61857ab3444ac59833c8b394a5b47fe5a0110038e4ceea12e9c1086a28356d5065334b00a1a1bd1ef4d4118b9627ac02ddc
- SSDEEP
  
  6144:C+86v2VKRnZEvCijwzDv35F5+Djwy/QCn5drokAieihT:C0v6vCij+3yB31BT
Score

10^/10

icedid 2537954433 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid2537954433bankerloadertrojan

behavioral2

icedid2537954433bankerloadertrojan