icedid | afc163e768b17745831c198c6129598c5a417c1fbbefa32353e3b664636ba23c | Triage

Sharing

General

Target

8129076174.zip
Size

186KB
Sample

221005-vmbn4afbhp
MD5

baff217453841080930187dc28542e60
SHA1

4a09af1b75b15de2ca9395c7e2ddd36d20273047
SHA256

afc163e768b17745831c198c6129598c5a417c1fbbefa32353e3b664636ba23c
SHA512

c6ae3dbaa01bd18f46e583af9cba73a891381f0f35fb40bfbdf9215730158ac99fe8d54b67214ac055b30e11943e7668d24c1734d023f182d5bfbab35048baf8
SSDEEP

3072:ngUi6zvVX4DagdIUso2/a9hgwzPTuONDaT1Wqt334ZiVkKomp8WQbujKYpXOVmYP:ngwzdoG50u0ywzruONDagqOihoY8lbuc

Score

10^/10

icedid 2348925224 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2348925224

C2

fireskupigar.com

Targets

- Target
  
  1012395039d6528777157a54b934b8f393a2c883a78259ec3a6650301fa6e232
- Size
  
  479KB
- MD5
  
  af94d84f4a38ff1b85bb03b056057bd8
- SHA1
  
  80fd133209f7ebf1d3e8fbf3f31d020da356fec0
- SHA256
  
  1012395039d6528777157a54b934b8f393a2c883a78259ec3a6650301fa6e232
- SHA512
  
  0f7cf66d31315b9e6800e25ad92ad3a3f458a2627ddae5424741742a489b0268233f67908ea85d3043db0c5c419f0fdc7cc33299eff0c2d71ce9918549dffa90
- SSDEEP
  
  6144:Tu+Y+79+lSS5lrtyWz2RcnzEecili1nKcp4dbcYY7Dq79Yfw7CFwn/C6m3n:TTY+5CyWz2JnKcp49nUwn4
Score

10^/10

icedid 2348925224 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid2348925224bankerloadertrojan

behavioral2

icedid2348925224bankerloadertrojan