icedid | 55bdf10d6023e63ec3d16da09aaaa5f8a0c2e626ab95834655c42be2da1be279 | Triage

Sharing

General

Target

Invoice_229_document_09-06-22_unpaid.iso
Size

1.5MB
Sample

220929-vqha2scdgq
MD5

5744c592b0b2d7fce88afd43cd6bddfd
SHA1

06598035fbe74bba86c248c087e9e7a70cbe51ac
SHA256

55bdf10d6023e63ec3d16da09aaaa5f8a0c2e626ab95834655c42be2da1be279
SHA512

0024ea3b218588ae0b26d9a1d59539541e70910db3e6edd1e817748be86f859df62dea580cf8dfd3ce680f28962ec17cb6deae1c11a6c5c55893e6519e338bca
SSDEEP

1536:/H9WeOEkTdgUZNSe9iyMt22+Y8jddOnDfL3M5J8Q9u0P:v9zOECgTe9iyMt5GjdW7M5ZM

Score

10^/10

icedid 2211825656 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2211825656

C2

academfleedalas.com

Targets

- Target
  
  Invoice_229_document_09-06-22_unpaid.iso
- Size
  
  1.5MB
- MD5
  
  5744c592b0b2d7fce88afd43cd6bddfd
- SHA1
  
  06598035fbe74bba86c248c087e9e7a70cbe51ac
- SHA256
  
  55bdf10d6023e63ec3d16da09aaaa5f8a0c2e626ab95834655c42be2da1be279
- SHA512
  
  0024ea3b218588ae0b26d9a1d59539541e70910db3e6edd1e817748be86f859df62dea580cf8dfd3ce680f28962ec17cb6deae1c11a6c5c55893e6519e338bca
- SSDEEP
  
  1536:/H9WeOEkTdgUZNSe9iyMt22+Y8jddOnDfL3M5J8Q9u0P:v9zOECgTe9iyMt5GjdW7M5ZM
Score

10^/10

icedid 2211825656 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid2211825656bankerloadertrojan