icedid | 7aef84a0b5c87ada2445435121ce4222d59cd82888484e45476e26ff855de4e6 | Triage

Sharing

General

Target

demoscan-c49db520-dd57-4417-85a5-8dcf20de5330.iso
Size

2.0MB
Sample

221004-jjnnpsabak
MD5

09c683ef9df673428ecd0cf0b5054a3a
SHA1

acb1fd4f20cf0537d1323068f6b58c155c736738
SHA256

7aef84a0b5c87ada2445435121ce4222d59cd82888484e45476e26ff855de4e6
SHA512

4fbccb6ea4f14adef93493efd3177bed14d6e05e3fdda1f72735b166ecebed7955f05fb9b5f0386dcdc39dc5bfe6bb8850b6071fe3d9d5494223fe1302bdc822
SSDEEP

24576:GdxrPWjUb7LRC+aqp1TXhlELmgnCRaayhH2reN7n/x0BCpLU6892N6o10:GdxrOjQs+ZpSCgnC1wvNz7pLNN69

Score

10^/10

icedid 976968029 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

976968029

C2

triskawilko.com

Targets

- Target
  
  demoscan-c49db520-dd57-4417-85a5-8dcf20de5330.lnk
- Size
  
  1KB
- MD5
  
  8ca36e9fdc991883f27d51a0e82db255
- SHA1
  
  2cea6364d7592fd2d5ddc67ae6ec8caf08fb0cfb
- SHA256
  
  be55bf499476985669eb72638cce8015ff6f0e70ceb8f7eb21ef30100bef0a1e
- SHA512
  
  a0a57abab720f94b1d377954b1b3baaadfbebb9f97f1df76c2195fa887809014784653f6bbd0fd5b9db06cfb0a638b53663ebb981f4e35a31308dfffa92e4529
Score

10^/10

icedid 976968029 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid976968029bankerloadertrojan

behavioral2