icedid | ee5312fbda6ed062279d0bf01c5c44bb45d113aae679c3929507419e0c2d2005 | Triage

Sharing

General

Target

2b20fef22a6d9078dd2c95a07bc86221.dll.exe
Size

209KB
Sample

221029-q2y1qahee6
MD5

2b20fef22a6d9078dd2c95a07bc86221
SHA1

6158769fcbf0f45acb93239bf63581ba76e7d98a
SHA256

ee5312fbda6ed062279d0bf01c5c44bb45d113aae679c3929507419e0c2d2005
SHA512

5632720bc88c2612ae62cc7e2dfb6cb26352153af149652c8a5403b5e505c93dc9f20ba0a357ffdbc1615473337abc37a9dd19e2bc2d4b76810f70d24f61f0c3
SSDEEP

3072:EvjzFD+vHhMTUe0FQgJYAh9apwYUVeNj6OO9I:wzFSvgT+aSe5oI

Score

10^/10

icedid 3447045697 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3447045697

C2

nipsontaz.com

Targets

- Target
  
  2b20fef22a6d9078dd2c95a07bc86221.dll.exe
- Size
  
  209KB
- MD5
  
  2b20fef22a6d9078dd2c95a07bc86221
- SHA1
  
  6158769fcbf0f45acb93239bf63581ba76e7d98a
- SHA256
  
  ee5312fbda6ed062279d0bf01c5c44bb45d113aae679c3929507419e0c2d2005
- SHA512
  
  5632720bc88c2612ae62cc7e2dfb6cb26352153af149652c8a5403b5e505c93dc9f20ba0a357ffdbc1615473337abc37a9dd19e2bc2d4b76810f70d24f61f0c3
- SSDEEP
  
  3072:EvjzFD+vHhMTUe0FQgJYAh9apwYUVeNj6OO9I:wzFSvgT+aSe5oI
Score

10^/10

icedid 3447045697 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3447045697bankerloadertrojan

behavioral2

icedid3447045697bankerloadertrojan