icedid | 5625165a85646faa26e84f0ea23d382e6ac949ef27ca2f09483937ab21709a72 | Triage

Sharing

General

Target

core.zip
Size

444KB
Sample

221114-xq3cbsda87
MD5

a98f8242ac96421d2c54df4182e763b5
SHA1

4fb8ff3024b38cebe4ba2978326ec75ea52895c8
SHA256

5625165a85646faa26e84f0ea23d382e6ac949ef27ca2f09483937ab21709a72
SHA512

3fba060db5b015127a70ebb7fa3c253866acdbffebbced2b7b9cad2d18ca8d813dada05f3a3d89dea08105cb6ff11868689b857bd2bcfc418f12ee624c842a20
SSDEEP

12288:rPC59Wamh95JleEB/70XHzobKwwrBYUz4QF:O5U93JleM/7OHzuwrBYaV

Score

10^/10

icedid 1023147713 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1023147713

C2

qurafleuncen.com

dremkalifcarsis.com

Attributes

auth_var
4
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  190B
- MD5
  
  6a8ff1f9e1883696e5e86a048fb610b4
- SHA1
  
  64b8d9958bf95d5c3824d34456458c93f427003b
- SHA256
  
  80db157f5126f94341911c972043ada6ccdeb11f4b046d16acdb39b8404febcc
- SHA512
  
  d874a3f2b9892840d67f4febd70ef53ad5a0a4722b70887578d83da58ad41c8a23b107e3b90e96442efd854b2c3ed522f12f0819e154e9dc56db59a418be184c
Score

1^/10
behavioral1 behavioral2
- Target
  
  deliver-x32.tmp
- Size
  
  88KB
- MD5
  
  8951681a2cfc3194ce612929f686fd6f
- SHA1
  
  7264cc195274cefcd4e16acdba26c7bc99800a17
- SHA256
  
  2565bbc065a9a36a992924cce8fb196598d3c7266e4a90923de729177f7b47de
- SHA512
  
  cc13812d7c2973429b74984e99f0b755c733e3fd8d9a2cbac03ebe5ae45f1d16e5c82de4d96319c92e43223444908e1357525dd18e1936cab25d210a92e59004
- SSDEEP
  
  1536:urmI7L/MqEmtx8C+FtwZWt7ix4l18EPyDmAUxhTNbQzc5:B9Dmt+YR4X8t/axNbQk
Score

10^/10

icedid 1023147713 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid1023147713bankercore_loadertrojan

behavioral4

icedid1023147713bankercore_loadertrojan