icedid | b2bfbf4ebee23a12425d38e65482a578add6109f9feb1a3fad92a8e00a465aef | Triage

Submit
Reports

Overview

overview

Static

static

b2bfbf4ebe...f.html

windows10-2004-x64

Sharing

General

Target

b2bfbf4ebee23a12425d38e65482a578add6109f9feb1a3fad92a8e00a465aef.html
Size

1.6MB
Sample

221012-s9waxaaag8
MD5

5a81bb374e81533579ebbe839ee47fea
SHA1

14c31aed809fb360e2f1e0d328414fbc87441b39
SHA256

b2bfbf4ebee23a12425d38e65482a578add6109f9feb1a3fad92a8e00a465aef
SHA512

a940c715a220bebb068eb45e73ff98b8bf1e25daa16ffe559dfd372389a553c4d253d71eda91798db08cba063257dbd665a274f7d36a49a5263979c71d80e380
SSDEEP

24576:Um49ebBHSjIYBOZUPmT+haWSQ4HYHLQ2NOgZMEe2N0W6SQoCll0n:UdjIhZGmUae44HLQzsmjSDrn

Score

10^/10

icedid 140125615 banker loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

b2bfbf4ebee23a12425d38e65482a578add6109f9feb1a3fad92a8e00a465aef.html

Resource

win10v2004-20220901-en

icedid 140125615 banker loader trojan

windows10-2004-x64

16 signatures

300 seconds

Malware Config

Extracted

Family

icedid

Campaign

140125615

C2

fireskupigar.com

Targets

- Target
  
  b2bfbf4ebee23a12425d38e65482a578add6109f9feb1a3fad92a8e00a465aef.html
- Size
  
  1.6MB
- MD5
  
  5a81bb374e81533579ebbe839ee47fea
- SHA1
  
  14c31aed809fb360e2f1e0d328414fbc87441b39
- SHA256
  
  b2bfbf4ebee23a12425d38e65482a578add6109f9feb1a3fad92a8e00a465aef
- SHA512
  
  a940c715a220bebb068eb45e73ff98b8bf1e25daa16ffe559dfd372389a553c4d253d71eda91798db08cba063257dbd665a274f7d36a49a5263979c71d80e380
- SSDEEP
  
  24576:Um49ebBHSjIYBOZUPmT+haWSQ4HYHLQ2NOgZMEe2N0W6SQoCll0n:UdjIhZGmUae44HLQzsmjSDrn
Score

10^/10

icedid 140125615 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid140125615bankerloadertrojan

© 2018-2024

Terms | Privacy