icedid | 7e59d0ce832dbcd35daafbc0bcd008729d1bec71cb547c607e2e02c85afaa25e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

document-15779.iso
Size

706KB
Sample

221031-y1akqscfe8
MD5

f6c9cd7fb2b949437c1d69b4e6c2172f
SHA1

fd4961839db221278ad2bac08cb8509ef9f778b6
SHA256

7e59d0ce832dbcd35daafbc0bcd008729d1bec71cb547c607e2e02c85afaa25e
SHA512

740cb7fdab912a674ff0005b3fcb50e8e0fdeeade1b6e5b9cb4855b5b22fda5f0400c6e7cbcea3038552f6b3e1e439fcd09f0f0225b705060317cb7690a2d29c
SSDEEP

6144:lLRROwRRxwRRhtRRV2RRN8RRNqZSo5hUybNmbA4k7pIp6vLMoimii4SluOpOPUpa:vbcbA4k7pvLCmii4SlugrprM+t1p6yQ

Score

10^/10

icedid 89792758 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

89792758

C2

trentonkaizerfak.com

Targets

- Target
  
  document-15779.iso
- Size
  
  706KB
- MD5
  
  f6c9cd7fb2b949437c1d69b4e6c2172f
- SHA1
  
  fd4961839db221278ad2bac08cb8509ef9f778b6
- SHA256
  
  7e59d0ce832dbcd35daafbc0bcd008729d1bec71cb547c607e2e02c85afaa25e
- SHA512
  
  740cb7fdab912a674ff0005b3fcb50e8e0fdeeade1b6e5b9cb4855b5b22fda5f0400c6e7cbcea3038552f6b3e1e439fcd09f0f0225b705060317cb7690a2d29c
- SSDEEP
  
  6144:lLRROwRRxwRRhtRRV2RRN8RRNqZSo5hUybNmbA4k7pIp6vLMoimii4SluOpOPUpa:vbcbA4k7pvLCmii4SlugrprM+t1p6yQ
Score

3^/10
behavioral1 behavioral2
- Target
  
  boites.cmd
- Size
  
  714B
- MD5
  
  96f6953006a02468f5d497727bd12c01
- SHA1
  
  982c900046efbb7f56ead5308121b6a1064259c2
- SHA256
  
  11f97889c6413cf1cc466664aa52c848326f6faf6f916e7ef5b5cb738c61ad8c
- SHA512
  
  c202c49bacee0a329f4c99fca1cc642a56f78bf1d800ab18f356f96480081e0f1318742fadb461549f15f9251882838448bf13b1035b75b6b937c9b3a89bd957
Score

8^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  documents-8261.lnk
- Size
  
  2KB
- MD5
  
  13092a11f51da24b418d760fe05f6d36
- SHA1
  
  dad193253f28aed9f4df143554eeee8c5b0dbe99
- SHA256
  
  5fe42478e84564963c22b4a1cb6cc2b8ac563f485121dcde1ee87899d8af179f
- SHA512
  
  da587a4c4d5d19ee9f5891f47ac025b4f960b8b700763c50cafbdd49db4a7218ff8ea5baacd92f1df0d45b90e822e56c80f331af432c271e30a778550429de1c
Score

8^/10
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  templates053.png
- Size
  
  202KB
- MD5
  
  42eb124bee0ea9908f7d6fa7d546a217
- SHA1
  
  001508914c56f982d4364efb53ee76397ccc1cbb
- SHA256
  
  f22b77e4bf567ca368392347a3db20b308dad81463fdf3c8fd09dd0e21488c0c
- SHA512
  
  ee25b838376b3c16253c5ebeba1881dd48ecb8b3453c055b4ee1bb193d8dbe43d57770c7cc9c0cfd9c2b8735648f6f2af8cc111c47118adf0dd27f2dd110f6fd
- SSDEEP
  
  3072:SluOppcEzDzRdOQQrusCpmkM+WzfK1EDuBMFU5OdNAfNsyQa:SluOpOPUprM+WLK1E6yldqOyQ
Score

10^/10

icedid 89792758 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

icedid89792758bankerloadertrojan

behavioral8

icedid89792758bankerloadertrojan