icedid | 21a040e78eb9080690730054cc8f5a58eba65dc5a43eceee9e329585b11158d8 | Triage

Sharing

General

Target

LGY41.iso
Size

708KB
Sample

221118-1qwrbsdg4t
MD5

4a7f194a215486c4d2885e7dfb74260b
SHA1

de2bbcca8b0b83b1d898017807d92bbe60f259b6
SHA256

21a040e78eb9080690730054cc8f5a58eba65dc5a43eceee9e329585b11158d8
SHA512

67a650e0b137315d80ec4cfbe4d2499c466b3511914aaf77a6600afe459e5fe106a50718d9e3ce54e8a63bec40cf6854f0877db854c75c9ee3bcd5a63c399bb0
SSDEEP

6144:kK8+5MMR+laGEoSvma0lgTxwBT0kqnYMXq0lDUUTGpsmLlDF/lDdosW2HOuNb0iy:kt+5M4+9g9wBkX4Hp5uTBp

Score

10^/10

icedid 3822462527 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3822462527

C2

sciiultaelinoza.com

Targets

- Target
  
  FF.vbs
- Size
  
  9KB
- MD5
  
  2435d21fa802df96c00ff7a17d97cf89
- SHA1
  
  634782f2859c7bcf70949835a0bd4a029fd086bf
- SHA256
  
  310b93c4034a5afdca55379f211e69d3530b7bd0da05186544cd0c8bde7b9033
- SHA512
  
  3fc00ffc5915238956a08400fcec4df414f7b9324d95bbf8d3c1acb19d6dd82be6ec880eb1d24bc79ec5e2c7ad196304fca7cf6793f6061fb36b9c008cfe2951
- SSDEEP
  
  192:ReSjpUorcl/E4hp3aD/OCMhiEe1mUS1G0vdzgW20fkbsgTbpQt:c4pnrcpE4hpPCMhidmnGm80jWb4
Score

10^/10

icedid 3822462527 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1
- Target
  
  data.txt
- Size
  
  3B
- MD5
  
  f241176a4e2ae5d8dcdc32ef95083226
- SHA1
  
  b1442fdff89f64c13a38a2d35407a315a033577a
- SHA256
  
  1fc61c2a8598b892e1aba390c70cde2c695f2c81abd5eeaadef902a9cf9d777e
- SHA512
  
  fbf2577597b6c861e41d419b5f1fb581b3568ab1c52c993552be1ef8881c360aa40b4c7c4fef52a6197bf46638ef71abc9989365546fc4c9c8aed381bfb0c334
Score

1^/10
behavioral2
- Target
  
  swore/bandannas.temp
- Size
  
  100KB
- MD5
  
  5b84c21646a352972bd21281f90d0f3f
- SHA1
  
  2a0119b6434a5f47e375c6bb6ead4b0a1f2f2bf2
- SHA256
  
  6bf067979a6ebf324246d3ed746f728678bc44fda25a4ca6878be92223ae0356
- SHA512
  
  0452a5d9a1caa44ba17b59493f300c44d4e955fbf5aecb4d2eb4991b59323807af2a6301909525d840055a6145e175e7194a266c45c84ea1e3861004cea89c02
- SSDEEP
  
  1536:MZO05V5SA9tXrTMMv6OHKj2luFY0xS57B3l/ApekzDsw9BM8cpmSn0l7i59:aj1MM3A6XkbfcQin
Score

10^/10

icedid 3822462527 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral3
- Target
  
  swore/personalize.txt
- Size
  
  260KB
- MD5
  
  d874ce67de2b1fa668011615d933de6d
- SHA1
  
  5347670534a0ec81801eebd98fc326c9c3f30c22
- SHA256
  
  de4db839a630a5d2c4bc3cffc92db37fee1b3ef03d0ad201daaf8a8573a41e9e
- SHA512
  
  38ab254a4c9f271f521937ab83c98805dd189004d6a9472be5010434f80f81a211336b23ff5830b1c378f611727609b2bd6d13b3727664d7219de6e2fccaf7c9
- SSDEEP
  
  3072:VMUkGEsLSvmaM3lzkTMYXQQkBTM3sJqM1rMY2ukQk0l2:VaGEoSvma0lgTxwBT0kqnYMXv
Score

1^/10
behavioral4
- Target
  
  swore/pestle.txt
- Size
  
  277KB
- MD5
  
  df1d4260ab003551c55772ec4318c294
- SHA1
  
  9e8a3c90933d4fd5e1d6f64e06d3a60a78ac42a0
- SHA256
  
  1d13b655d1c8c275c1943badcaef5c56e2c47865d27dcaf9d6230809c05af2ff
- SHA512
  
  6716f24008d08079809e10efaa971659d83902846c5184d0c2973238e2677bbc9436b25aae276ce118ec773fd02acc812750926d97f65d1c624a71c32781fa04
- SSDEEP
  
  6144:q0lDUUTGpsmLlDF/lDdosW2HOuNb0iFXplD1b++BbXm/W6HB0lDE4KXplDVblD94:4Hp5uTBp2
Score

1^/10
behavioral5

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3822462527bankerloadertrojan

behavioral2

behavioral3

icedid3822462527bankerloadertrojan

behavioral4

behavioral5