icedid | df267b09f93920c5dd33cbd6094df03ca41a5d7d92a450460a667a7b3b0a955b | Triage

Sharing

General

Target

Invoice_187_document_09-06-22_unpaid.iso
Size

1.5MB
Sample

220928-whze2ahhbl
MD5

80fbc2f5676b55ff35a1c1452317558f
SHA1

b2783752c98008b2a0fba3a747d59805a58ae8af
SHA256

df267b09f93920c5dd33cbd6094df03ca41a5d7d92a450460a667a7b3b0a955b
SHA512

31df67d1081a0fa6995cfe44279cfa951dd9b7b2c586a9128c8a39a71cdd0e6926cefec3227db7a0f304a89fddda9b080a3806043ea30eea78ec9cb838a36f71
SSDEEP

1536:FKpnyYaJ1qQDhH1kl8UyZYBlOduSzALTsRBuTHRT7VX5CHj6DYNzH57jT:wlyYCVrGBlOdl8LTAedX5CHjhp

Score

10^/10

icedid 2211825656 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2211825656

C2

academfleedalas.com

Targets

- Target
  
  Invoice_187_document_09-06-22_unpaid.iso
- Size
  
  1.5MB
- MD5
  
  80fbc2f5676b55ff35a1c1452317558f
- SHA1
  
  b2783752c98008b2a0fba3a747d59805a58ae8af
- SHA256
  
  df267b09f93920c5dd33cbd6094df03ca41a5d7d92a450460a667a7b3b0a955b
- SHA512
  
  31df67d1081a0fa6995cfe44279cfa951dd9b7b2c586a9128c8a39a71cdd0e6926cefec3227db7a0f304a89fddda9b080a3806043ea30eea78ec9cb838a36f71
- SSDEEP
  
  1536:FKpnyYaJ1qQDhH1kl8UyZYBlOduSzALTsRBuTHRT7VX5CHj6DYNzH57jT:wlyYCVrGBlOdl8LTAedX5CHjhp
Score

10^/10

icedid 2211825656 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid2211825656bankerloadertrojan