icedid | 1d02432059afe64ed39c002baf0d448d8fa9ae4c694ebc79e7c317cf606e3a67 | Triage

Sharing

General

Target

scan-eff31ce0-a3c0-46d8-908b-4e425511445e.iso
Size

1.8MB
Sample

221005-nwqfaaedgl
MD5

49cb92069329966ee14e23851815e76f
SHA1

ed63bc4da31c45ffe6837469de93fe118650f379
SHA256

1d02432059afe64ed39c002baf0d448d8fa9ae4c694ebc79e7c317cf606e3a67
SHA512

03110ebb6a7f872f118bcb3e6a9686bf18835ac50fbc50b9d034c2fe37089479e2c0dc8677d773cc9f08fd93af44ba9f19e3ac95bb9c5e0b2bfc7af380e21b3e
SSDEEP

24576:h9WSyuKcpkgS/lmowAm/AzMiBJ9VuHfpv/2qcg0MeBTDG5h/rDBClNEeTn:h9pyTfBwAACGZDdKS/r1CYeTn

Score

10^/10

icedid 140125615 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

140125615

C2

fireskupigar.com

Targets

- Target
  
  scan-eff31ce0-a3c0-46d8-908b-4e425511445e.lnk
- Size
  
  1KB
- MD5
  
  8ff28dca0999e8569056509466709056
- SHA1
  
  7c035f7f672e4710e2cd56ceca55e8a380668342
- SHA256
  
  2b5bf9ed72e3456aa25a0c70166b18a1ea29c7b203b11fdc6a316b7b2658e786
- SHA512
  
  ecff57c3b2ea3eec5263f0a6a659f5f85e5caacd09002ad2c8cb716ca4a9a506d9a45e676c864a9a5088010a1e298302200cc1e5ae41958857e4eda25ffb1f63
Score

10^/10

icedid 140125615 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid140125615bankerloadertrojan

behavioral2