icedid | 5fd21868cb4c86562efb02bd4df02f37dc150998b42aeb94a1e48581b45798f4 | Triage

Sharing

General

Target

q.ZTH
Size

479KB
Sample

221004-q8hbjsbbb5
MD5

025023059e2305805483b3d9a3928ab7
SHA1

e03d1c9af2730970ae77383d73fbe0d61b9b409f
SHA256

5fd21868cb4c86562efb02bd4df02f37dc150998b42aeb94a1e48581b45798f4
SHA512

d0bebb369bfd2928276377bafe2592406a864e5aed53602bcb76d41191855dc505f89b7f004df2d4905cde1566817e8ca7f951cf4ba41337ca55cfa99c24ee9b
SSDEEP

6144:Kclka+UBglo1nKcp2ryjMd1qrWaFcnzsjmVmdU7gEWetyaSkdQ2DQCfwv:D+EnKcpqy4eVamB+220

Score

10^/10

icedid 140125615 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

140125615

C2

fireskupigar.com

Targets

- Target
  
  q.ZTH
- Size
  
  479KB
- MD5
  
  025023059e2305805483b3d9a3928ab7
- SHA1
  
  e03d1c9af2730970ae77383d73fbe0d61b9b409f
- SHA256
  
  5fd21868cb4c86562efb02bd4df02f37dc150998b42aeb94a1e48581b45798f4
- SHA512
  
  d0bebb369bfd2928276377bafe2592406a864e5aed53602bcb76d41191855dc505f89b7f004df2d4905cde1566817e8ca7f951cf4ba41337ca55cfa99c24ee9b
- SSDEEP
  
  6144:Kclka+UBglo1nKcp2ryjMd1qrWaFcnzsjmVmdU7gEWetyaSkdQ2DQCfwv:D+EnKcpqy4eVamB+220
Score

10^/10

icedid 140125615 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid140125615bankerloadertrojan

behavioral2

icedid140125615bankerloadertrojan