icedid | 873d02bb3d248110c1db5155acd11811ba99c4689ceb2eb148fba49f712d3ff8 | Triage

Sharing

General

Target

invoice-0009.iso
Size

1.1MB
Sample

221116-phr8dsed5x
MD5

ac162909e008bdb042ad2362d2c01902
SHA1

aa2039b03669cfc8d720f08ed4aebbcdefb4938b
SHA256

873d02bb3d248110c1db5155acd11811ba99c4689ceb2eb148fba49f712d3ff8
SHA512

7e613884b305ace6165c4f2e0322074e40da6a89f588d8b11fe84e80d8166088fa70c2d235beb506a98a1aa1e1d282f3ba60e55dd54e9d3d8522195bc9debb86
SSDEEP

24576:KVlBZkyFvIJPjhsYQAq2l6ncIJGGY7NuRUB3SVlBZkyFvIJPjhszwoBwJwJH:KVlHkbjhsY9q2l6ndJGGY7NuRUEVlHki

Score

10^/10

icedid 3606255791 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3606255791

C2

eventbloodd.com

Targets

- Target
  
  HEESRICD/CRIHNQKO.cmd
- Size
  
  68B
- MD5
  
  5209598028d135931069f050d423f71f
- SHA1
  
  59d199fa6e4d8fd54e65a9655e6efce9d5b583ea
- SHA256
  
  c0994d3a5465742406e12a7ff7d31fbcccc7eb2c3d202b591e0282d537b17dcf
- SHA512
  
  dfce1557e23b3ac11da3e0dd4521861504340feb07a840309f7e8238e18fc71b992048627f37137dd779e06b343c32f06a082a2e039e48f60d706c372c5fa63d
Score

3^/10
behavioral1 behavioral2
- Target
  
  HEESRICD/ETPZENER.js
- Size
  
  610B
- MD5
  
  724768dcaad2aa49fa276daddcbbc621
- SHA1
  
  fcd3a0bc05c41b49f65f1d9ee7a699c400353d46
- SHA256
  
  17fc1878ae84079bb93736beba3d3103acd9dbc6f67bb653c5cdcdb6fb60538f
- SHA512
  
  cabc96387995ff97c75d8042aa2f42b504463639e2a9dd548da2d0ba498534b97b801e64fcc8471161e03c3299f33e02e4b9ff758a5f460c5e24bb59eb8080f1
Score

1^/10
behavioral3 behavioral4
- Target
  
  HEESRICD/JG343534I3khfdfgkdfh.pdf
- Size
  
  86KB
- MD5
  
  1f4cbc5df4ee4e09bc625a9092d0a8ec
- SHA1
  
  e289de13f0191ebc81639045c23d6672f228e73d
- SHA256
  
  9abf25f0e1503cb38da963afca7f2aa079f9e60f0bb7cc7b53e0a6e5760074e7
- SHA512
  
  b76bd91f28886e370fa5101996d0e90fc4da50c19850080cdeeb65a50ddbb21d53338419273d0b941e1bb2d622ca4040c1e45fdbe2d3895d93e7ad169891eeae
- SSDEEP
  
  1536:o3KGJqJ5XRRzlC0sPyvMTdqvcohVKR2bm70/wm5Nb9hh0YE:o3KGJEXnzlzsEWd2hXC2A04aNbDRE
Score

1^/10
behavioral5 behavioral6
- Target
  
  HEESRICD/KRTQRRFH.dat
- Size
  
  320KB
- MD5
  
  766c34eeef4f673e82fd0f4a2b9c3a5c
- SHA1
  
  2af772c347252a3accea31c71f937830ae0b5c16
- SHA256
  
  1b6a7ec2de95b9d59b57dc3eebdc6b66f37208515e062b5785e551c0377d0bbf
- SHA512
  
  2488128efb3de3b6a4b3020ff1ed421ac59820614a7f51bef288eadeab16d8fcacfc134cac01afd4f0b77f34bfe72d2e4697f0f8519cec64bd07f681d6482177
- SSDEEP
  
  3072:ut5OqjYIRIT4RR5Nu75pszcq2l6ncjhq575T/NGGY7ljGHPfKjXjGHquR:+cAsAI75Kzcq2l6ncjhqrJGGY7NuR
Score

10^/10

icedid 3606255791 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral7 behavioral8
- Target
  
  invoice.pdf.lnk
- Size
  
  1KB
- MD5
  
  82f6859bc0e99302adef28a854d15177
- SHA1
  
  d83cf532efea3f4693315005773f69785ce1e0a1
- SHA256
  
  a30e528a6ad1c5b0a3930a28b04d4fae700a799958d13e7dfa274c3ad1cd352b
- SHA512
  
  3fcaa7e431c5fe301b2b826103e0f0b7b41caec5485a08432646084adffaf00f741b98f275403689d65d8ffe9e5a9eb1edbe1db0a810f74ad53607552323d2ea
Score

3^/10
behavioral10 behavioral9

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

icedid3606255791bankerloadertrojan

behavioral8

icedid3606255791bankerloadertrojan

behavioral9

behavioral10