icedid | 6e5be647e9c9549d15c1e42a58a4a8e4467e9f9731c06d3ddd4b7961b3b30a78 | Triage

Sharing

General

Target

pw-23357.zip
Size

108KB
Sample

221110-v88kysdhdl
MD5

c993c22900c2042e5f15bcc1642c08e9
SHA1

853f242998972bed8cb366ac8702b80b3413cf62
SHA256

6e5be647e9c9549d15c1e42a58a4a8e4467e9f9731c06d3ddd4b7961b3b30a78
SHA512

8129020481a0f1a4287456b649b1cbc58749575c6635c3f08f8f397f1635218451f602f2e3c74dd89ed16e4bd4c98b1092d639969672dad1306e9dbfb00ca406
SSDEEP

3072:1uStTgoyPqwWbTYAkFDW3nRRzWYvN0gU8yYs:LtTqW3Q8XRRCuWF8q

Score

10^/10

icedid 426369791 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

426369791

C2

ahilacarstrupert.com

Targets

- Target
  
  Document.lnk
- Size
  
  1KB
- MD5
  
  9b4cf8a974158e32de7dc7a460a35d87
- SHA1
  
  bac59406895c413de18f1dc1fd17a5a5db31b6a5
- SHA256
  
  1a26725d91b45c78cf27f48e04c8371689d78faec9683969bb221898da9cbfb7
- SHA512
  
  97cbf7d72cc429f216ba77511b01093ca534623746014f1a3d0daa05914f2e14a3632ab5a6cb798add0d98f38764b3006fdcc206ed9af0d4b8ce9b11c0365d10
Score

3^/10
behavioral1
- Target
  
  belts/informalities.tmp
- Size
  
  91KB
- MD5
  
  e483dcf805f44039a77c49278caa0ffd
- SHA1
  
  896998643d23971d18a65bc1ba3b42398f135739
- SHA256
  
  68230ade55ca6aded18b03fd89366d73390b03c15ac98dfa7b65c50baf979ab6
- SHA512
  
  4d009f42dda02dc6abf7bec0fc597649297382eca90bfac87d2f0ca0b0f358dac8f8b31735295b8ff3beefccc8f566808f11b50d719225cb2bc146299300826a
- SSDEEP
  
  1536:iet0Ij7MlNXRNRLCRw8FBR0Q6xpeweizs2Xm9+WROCzXiSLuhSiC:uInMX7GweBW/0weN22briS4o
Score

10^/10

icedid 426369791 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

icedid426369791bankerloadertrojan