icedid | b53d396ac76c035173b98f3427eb3ee2841fb1bbec358e6bdabe844e052565ab | Triage

Resubmissions

30-09-2022 15:16

220930-snr2csehal 10

30-09-2022 15:09

220930-sjyy4seghm 3

Sharing

General

Target

09-30-2022Invoice_PDF#3323.zip
Size

276KB
Sample

220930-snr2csehal
MD5

ed4ca81aa26cd0ffab035b125020a693
SHA1

12f2d91e7798332cbf970f548cc8b845eb44cad9
SHA256

b53d396ac76c035173b98f3427eb3ee2841fb1bbec358e6bdabe844e052565ab
SHA512

8c02eaaecb0ffd8fe82d921373a90a07b5a6366007947e828752a64a425cea0371a17ded573ccf05f7324d6edd8f9bcbeb8a859f186df1b9d282ac08458b3a5e
SSDEEP

6144:K5IGnYPXgUmQCUpFii4InzIjR4zJi0zjgct:KiGnYP/uUj/e4zJioP

Score

10^/10

icedid 2399258081 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2399258081

C2

eysneolissionsm.com

Targets

- Target
  
  Invoice_PDF#3323.iso
- Size
  
  1.0MB
- MD5
  
  9b5215624a292a67f7509361b5dda6cc
- SHA1
  
  36ff1eb10897ec793952ec048c66bf49405bf3b6
- SHA256
  
  04dfc89aacade90557c6006bc54fc9055c7e813f1b8d9f036b32f2cc2256e319
- SHA512
  
  22c6705da86e02e74e77a9685003513d1b9c77dfcaef050b29412e004c5415b369ee6066c8fe2bbb67c15f08728795fb011236972599ed83264b4c92f378ee57
- SSDEEP
  
  24576:0NSuK0NnWHpHpNHH2w2wywFHHyH5HGw9G:buKEWHpHpNHH2w2wywFHHyH5HGw9G
Score

10^/10

icedid 2399258081 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  Invoice_PDF.lnk
- Size
  
  1KB
- MD5
  
  6d5dc3373d85a683a208a9a9897bb3eb
- SHA1
  
  7a1c50243aa99c18a21d6dc444b4a3b3fd63012b
- SHA256
  
  43b177be94f3c9c1a31ac719b04ee58664d42ab4877f1d440be0e98e8918f381
- SHA512
  
  c135c5931cd18eaa90ebdee6a105d33002c813b27001240c83336da39fa655e2d8eb84a14c7cb74453ae5545cf61cc8da3c47b6e5dc8e4382c0df8aacff9c2a5
Score

3^/10
behavioral3 behavioral4
- Target
  
  unamortized/greenflies.db
- Size
  
  672KB
- MD5
  
  b883e713662de178f28aed1e0cb2415a
- SHA1
  
  1e06413c62ad437fcb834fadfb46356292a9fed0
- SHA256
  
  4b0d09fd90b130ae8720b4bef7af836489b6f3c70b9720100b682ebac7f3c8b9
- SHA512
  
  debacde312690515ce2f785a6d0e47bc5c798a6848dfc17a01ec5581790069a882b64e606c2383c60561a09f86b649afa01f323e4d77649479db9d84476b4820
- SSDEEP
  
  12288:VM1Mpwyhw4wH2W7o6m/wAwBwf0CM5nANy/wXwwwZwfDnzGy//0QVdrt/pI9:VNSuK0NnK
Score

10^/10

icedid 2399258081 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral5 behavioral6
- Target
  
  unamortized/suspiciousEns.cmd
- Size
  
  80B
- MD5
  
  fa42c4cce0df95c36aea02af342a92f7
- SHA1
  
  dfbff543e85bba977bed9e92a7d1da6deef80645
- SHA256
  
  8be66f5319fe806f24d254f23f626e5e7f7e4a4719b6b4902d292e25926feb14
- SHA512
  
  8538f249e688cabae02272fe8908c1653687268bd01545c2ccf048d94f53b239253cfe2e5dc7fa31cf4bf190f0c70dddda7e76f488d1f5b83811a955590f7536
Score

1^/10
behavioral7 behavioral8
- Target
  
  unamortized/unquestioninglySheltered.js
- Size
  
  258B
- MD5
  
  b4f900ff954b59b01a946a940774b92c
- SHA1
  
  b9455edf2eb698c4d4a729c478d3a8f5edd369c0
- SHA256
  
  1288fbc8b890097e2c76fae304a50ec60dc58e18a4ee99ad2139c540c11eecad
- SHA512
  
  3b0da90a7755a9f0dd28979a78091e14aacce75575118ddde074fcb3348832f8ccfa2536870f948e82f5486a3a48bf7d696fd5ebf1065e5b607e8930d8078365
Score

3^/10
behavioral9 behavioral10

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid2399258081bankerloadertrojan

behavioral2

behavioral3

behavioral4

behavioral5

icedid2399258081bankerloadertrojan

behavioral6

icedid2399258081bankerloadertrojan

behavioral7

behavioral8

behavioral9

behavioral10