icedid | 05289fdf2a8453e355040550b55a85aaff066dfd3e4fe9ff8558c54e6a12071f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

details_9626.iso
Size

224KB
Sample

221019-g67c8afebm
MD5

5748e5ce146f5356ca0fd973d4ceb57c
SHA1

67bf413767431f35373b70d50809c7b7f15626fc
SHA256

05289fdf2a8453e355040550b55a85aaff066dfd3e4fe9ff8558c54e6a12071f
SHA512

12d64b4ba33aea8696f17b1203ad629b45abc0260920cd4a1bfe0ff0300cf516f4517b59d33b075c87f9ba4c3e4661db81bed01af718d67615ca206db0102896
SSDEEP

3072:12IsZGaSWyGN4+79gLciVy/uxHGNi/+Qv2VlRgg6NHe0Gb:12IUVyuN9W1xHG0/are9e00

Score

10^/10

icedid 2959887884 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2959887884

C2

salimjizita.com

Targets

- Target
  
  facts.lnk
- Size
  
  1KB
- MD5
  
  28c829d86eeebda80fbb7a80919ee805
- SHA1
  
  b9f70882720987e2d00d7c6ef681908d208787e4
- SHA256
  
  4cb696f6a50cb2b73bf9a4d68f41a44d3c2486cd3fae518179aaaf69f5746ed9
- SHA512
  
  4830586a8706779dc366202c3c62b2b7055c94876f29b592ccbc200c42cfb80c6f5dcec2af7819c9f1b26318b48945bfc09c8705884ad833cc76bb08468e374f
Score

10^/10

icedid 2959887884 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  mountaineers/sold.cmd
- Size
  
  377B
- MD5
  
  a9d13e6527c49efcc49b4ff8d0303e0d
- SHA1
  
  dc24b9021542e60172d5bd87eeb05a7a88d2fa25
- SHA256
  
  ecd3014dc55f0f77c1f9c98522749c3633e2c0d6302725e0334ae8eb0ea1cc3c
- SHA512
  
  4d74c713aa686d0f6780674ba965611f70c9c71ea56878c4ed28890483cb57a8bb8ed5a04a8666fb466594c99c405d442a7ad1d5ea850c4ecc6874b7ab56a2d1
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid2959887884bankerloadertrojan

behavioral2

icedid2959887884bankerloadertrojan

behavioral3

behavioral4