icedid | 7a4f8cbe31af9949183720f694f23e5cd7e366ca767704b6c2bd52f5f73d9260 | Triage

Sharing

General

Target

core.zip
Size

1.4MB
Sample

220926-yrh6hsbhe2
MD5

4099709dc74faec7d3cb5a724746ef7a
SHA1

4a2dd34fdd34e8f6d6fc3fb19478cdf6d45c5b86
SHA256

7a4f8cbe31af9949183720f694f23e5cd7e366ca767704b6c2bd52f5f73d9260
SHA512

2eaa3f5b00a88ed3c377b96977a736b5968d2f1eeaa630b7270eeb8383bcc97f5529c038b54647538ce623394865c299e3dfd0dc09a4304071c81667644b2f23
SSDEEP

12288:818NeMiWhvCoy0jn94J7mCflxJilgA4j9pI18WJ/PBXJvCP4CyyDUy6:zsWhvCoDpqbdHPy8WRtJvCgCJE

Score

10^/10

icedid 2603480109 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

2603480109

C2

enamulat.me

frabigwin.info

Attributes

auth_var
7
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  187B
- MD5
  
  b332e5f27adbbd9b2aa14867e68c4175
- SHA1
  
  bc5a3d8ba76d90c1027240c614fed79824d24fd7
- SHA256
  
  d09cff11dac1cf65d7cd4c276bd623ce18d94ef99581d4d62a18fc72158d9f89
- SHA512
  
  8d05c08c150676058ba75b954d93d7510b28fe6c85d5b323482dade12edd988364b21f9b036d489cd72c9837bd855e2b1f86d3dcb371fc32c5166a1c211edef2
Score

1^/10
behavioral1 behavioral2
- Target
  
  true_x32.tmp
- Size
  
  522KB
- MD5
  
  84e96f3221a94688e42c3495afbb48f5
- SHA1
  
  0e887a5571591a1613a35266570a50d0a3ac9ac8
- SHA256
  
  d887c60d18949e7ae121dda69d4a25d331be6b2b806d66f57dc4b20b6b12f069
- SHA512
  
  53857d362ebec8698f1e4e22ea9677a023d085086059e63ab02915f37612373c5fff3aff8cfcde2a1daf9df0fa521e0bb5bffc4a8d47c3115d99cc06ea6099c8
- SSDEEP
  
  6144:MNmJMUpS5OozDKkAie/kvCvwyLhi7vkXgpvhNRn:MNeMiWhvCoy0jn9
Score

10^/10

icedid 2603480109 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid2603480109bankercore_loadertrojan

behavioral4

icedid2603480109bankercore_loadertrojan