icedid | a560238eee153b62fd9a6a01752d7e28d6409d0cd2fe1688ea5aee84b2199756 | Triage

Sharing

General

Target

Document_NA45.iso
Size

428KB
Sample

221111-qqhvcsfg26
MD5

3c5487bc6066920a97cfb73a59f0b969
SHA1

a535a46f6450419a5a02f0a88d5bd9807a5e14c4
SHA256

a560238eee153b62fd9a6a01752d7e28d6409d0cd2fe1688ea5aee84b2199756
SHA512

91e8e7b3932f041913f3969cb1047b23a9d26ccf91fc0f6a8b2856886c121c1f98ea0133fbc28ff2888b844114ad89c963b6705604010b62157092dc70699f66
SSDEEP

6144:nbUhI77ETb+JS+lDDWbOrL/ZslDP/U+lDxlDuSTjQBRlDFKLEzbrbuWHZ1RKlDg4:vRfOg7QKbuGiKpw9D1ImVJj

Score

10^/10

icedid 426369791 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

426369791

C2

ahilacarstrupert.com

Targets

- Target
  
  Document.lnk
- Size
  
  1KB
- MD5
  
  19a5a4f7e76a925dfd2467ecd957988d
- SHA1
  
  3d754cd790e1c7df79b8321a3ddcc1e9cf67929d
- SHA256
  
  dfd827588872f2c68d3f1654c398eb5368861c05627661d1d9d8747cabcc4e5f
- SHA512
  
  b75aa01990e412e489494a841e6daeebd4321f14c5a2d529034d27240e0459fe036bdf38937b7cc9e613f75cf81b6f761e0df4abb0de7915ebd36a33119d1db3
Score

3^/10
behavioral1 behavioral2
- Target
  
  belts/bivouac.cmd
- Size
  
  285B
- MD5
  
  d2d9ea79fe58f7fc8be9b1234c1106fe
- SHA1
  
  172e84c7479c4389ed6f3657cbf7b8876126a650
- SHA256
  
  72bd84e0bf325f285cd493ff27bd0566e90b9f17ce4e8481f4cc1374330e1607
- SHA512
  
  0cba630a38046da996377ba46dac287c31344f8f38e1a406bcaa58406d641030e16d12dfa19c29210fcfbe647af407f5647fe674b398501a078a7525dbfa364c
Score

1^/10
behavioral3 behavioral4
- Target
  
  belts/eclectic.cmd
- Size
  
  190B
- MD5
  
  93dc2693cd7914daeac43e6f98ad948f
- SHA1
  
  ea9b14c69a745743cfae490359e74bf6a033e818
- SHA256
  
  05f175275ec5f6add98b8733c72b861b5747f20f39f4a2e70ce579d700f62b04
- SHA512
  
  990cb733001e383dbb57f5f4554a245102c42de5544fbba0461eee52d7cb1b9a2ade94e4541e45723141390967a21491a21d9e8d23f31be70aca91162961d53f
Score

1^/10
behavioral5 behavioral6
- Target
  
  belts/trampling.tmp
- Size
  
  91KB
- MD5
  
  ca27351f9fea59e2adbd72277665e3d9
- SHA1
  
  cebae4ef3303eb1fc9053104a53706fc5841a5d0
- SHA256
  
  0b957cd40f571f1ffbbdec117ba55df508e42ec0b3ecdba8b429557d3d08c1ad
- SHA512
  
  6da0e2c5a4fb181a12a67af37a4eb4c02352dae4adc15202c89781cdfda43328193b558388aa32d2a29a8bdafc4ffb44b8f18cba2da813083405255dde2e7a6c
- SSDEEP
  
  1536:nXREXIBJWIsBMwYrUvjwI7CdiZEkgusxGEgG+JWx+1GlR:BicWIsBiUcI7CWrgus49KxJlR
Score

10^/10

icedid 426369791 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

icedid426369791bankerloadertrojan

behavioral8

icedid426369791bankerloadertrojan