icedid | d5bed7d392dc8bd6c45f155f1f31a09e1e99f246b697a1fb98d5a63f96e91cf1 | Triage

Sharing

General

Target

core.zip
Size

532KB
Sample

221114-zrhqesdf25
MD5

915c527ac67e0f95ea9f5fc0c19b96da
SHA1

90560a3a3e743a7e63fc3794b1014f5044d64a93
SHA256

d5bed7d392dc8bd6c45f155f1f31a09e1e99f246b697a1fb98d5a63f96e91cf1
SHA512

7ee4db46f94da466a213cae8613fbac043f2a7cd05746145b34a92d97e1ecbb923f1427ae05dc28b43c7a547f5fe76118c3aca2b88c428bc05f7701c933a48a5
SSDEEP

12288:rdqadTv4e1hmj59Wakh95JleEB/70XHzobKwwrBYUz4u5:8adwQhW5UP3JleM/7OHzuwrBYar

Score

10^/10

icedid 1023147713 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

1023147713

C2

qurafleuncen.com

dremkalifcarsis.com

Attributes

auth_var
4
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  189B
- MD5
  
  1b0986e0636ea647760dc3e6394782cb
- SHA1
  
  373f569810d64f0a4f0e2c4d1200f39bf3340506
- SHA256
  
  b6f3d79daa57782bef6b337fd83044a2c3010186173101a6dae6f6d6440ac695
- SHA512
  
  e6205459924516a4bad8f0f0c970c85dfc8334eff15df876eb28cf27787509307343d0ebf8b6827a815ef57d0a8bba2c549cb6aa568c8d86dac86390cbcc99f5
Score

1^/10
behavioral1 behavioral2
- Target
  
  deliver-x32.tmp
- Size
  
  88KB
- MD5
  
  8951681a2cfc3194ce612929f686fd6f
- SHA1
  
  7264cc195274cefcd4e16acdba26c7bc99800a17
- SHA256
  
  2565bbc065a9a36a992924cce8fb196598d3c7266e4a90923de729177f7b47de
- SHA512
  
  cc13812d7c2973429b74984e99f0b755c733e3fd8d9a2cbac03ebe5ae45f1d16e5c82de4d96319c92e43223444908e1357525dd18e1936cab25d210a92e59004
- SSDEEP
  
  1536:urmI7L/MqEmtx8C+FtwZWt7ix4l18EPyDmAUxhTNbQzc5:B9Dmt+YR4X8t/axNbQk
Score

10^/10

icedid 1023147713 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid1023147713bankercore_loadertrojan

behavioral4

icedid1023147713bankercore_loadertrojan