icedid | 09d55f469c9ecb5e7ee791e4bb95cf6fc44cf42a32f6bd8153f38232670e658a | Triage

Sharing

General

Target

Document_PR17.iso
Size

428KB
Sample

221112-l672zaaa2t
MD5

8eb54d054108957c5f7f110a73335c1b
SHA1

a1543b055910087e6ff11ec4d3fb2522afe4fd78
SHA256

09d55f469c9ecb5e7ee791e4bb95cf6fc44cf42a32f6bd8153f38232670e658a
SHA512

8d7c63551cd21bf731318e7939e94c9a683aa613d112fc469d48e63fa254a0518cf39e53d705690a16f9c6a02196b00a27a29af97d40117d87d69a116838d772
SSDEEP

6144:nbUhI77ETb+JS+lDDWbOrL/ZslDP/w+lDxlDuSTjQBRlDFKLEzbrbuWHZ1RKlDgo:vRfyg7QKbuGiKpw9iInYc

Score

10^/10

icedid 426369791 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

426369791

C2

ahilacarstrupert.com

Targets

- Target
  
  Document.lnk
- Size
  
  1KB
- MD5
  
  e687c2f7702b553ee26f556cdf937539
- SHA1
  
  7dfbf22d2d96644033a9dc804f6915428f123815
- SHA256
  
  ee16902aec7f9971d75a605229b1533f8c24530e776629217c0701520c1f4530
- SHA512
  
  5d6e2322aa23fd3a809909835b7d5033ff7c8fbc939ba42aa59c11620592f1b5a3adc1ecc9b608739b78d1f2b8c7712820612991739bd7d9b38d9ca206082796
Score

3^/10
behavioral1 behavioral2
- Target
  
  belts/acknowledgments.cmd
- Size
  
  313B
- MD5
  
  d7acb54f7d76754ce046b8fa43938ec3
- SHA1
  
  d9ff818e1a3a0b94a100066b8a1a54fa88662698
- SHA256
  
  eea650caf415c1ec98301c81e01730dbc90933b673f2ece8852089cf53c45755
- SHA512
  
  3508923ab2acd4169b9a68bda4b6b4a6566649826eaeb0b5ec5e73a45f38f6a6261a32a79ce9ce8af47d3154847defe73f19ab01029fc2683e79e778bd8a80c6
Score

1^/10
behavioral3 behavioral4
- Target
  
  belts/gabbles.cmd
- Size
  
  229B
- MD5
  
  e51b20c8b81cc6aa9f17af5845ae0e62
- SHA1
  
  62dbfdae56488813cb906534c26dfde4a1a56469
- SHA256
  
  fe6086a415ba8ec84b43c215be057897c086674c025bf90123b509c33fc7c76a
- SHA512
  
  39ae9220ca435b7c64052d728f0245e3c31339372e8946fa823f7be15a48b7c65451fb4c9fc16f409757fcb70c1b3e004cedcb7c4a69dc40fe529e1160137be7
Score

1^/10
behavioral5 behavioral6
- Target
  
  belts/maximally.tmp
- Size
  
  91KB
- MD5
  
  973c90300aac68b64fdcc53eea3e3042
- SHA1
  
  5deea28b7446c6e7f181068db1c10eb6b4db5a0a
- SHA256
  
  8f11dedd768f84aca417415ac6aafbae2ce6fcb52e5faf19f348c4b71f87522a
- SHA512
  
  78da61c6c6c8481d31caf6b0ff900c21f7fb5957a9410ae29ac3cc6a93e8574c807d71a1ad7490f09e89a93255be54c571b99244b2a79805594372ad06665c73
- SSDEEP
  
  1536:Zet0Ij7MlNXRNRLCRw8FBR0Q6xpeweizs2Xm9+WROCzXiSLuhSiy:JInMX7GweBW/0weN22briS4M
Score

10^/10

icedid 426369791 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

icedid426369791bankerloadertrojan

behavioral8

icedid426369791bankerloadertrojan