icedid | f5b4b926120482f05fcb047c16cf62bcd3a22b46d529a424b89d60a8e902fda7 | Triage

Sharing

General

Target

DVR71.iso
Size

656KB
Sample

221118-1xxl7sea9s
MD5

ee3b186e78d2ec8000ccf842ef7c3d26
SHA1

ab414961311be76c301f46df4ea3d0825b21b0fc
SHA256

f5b4b926120482f05fcb047c16cf62bcd3a22b46d529a424b89d60a8e902fda7
SHA512

59dcf43a3e24770daff61760eac546fee58ab0148b3fe5a4c84524086c65f872b838e94bdf9b0281f00a43f68f0f71d0710c46f64213a1cbc43314f436b999f4
SSDEEP

6144:dK85EWSgaGEoSvma0lgTxwBT0kqnYMXq0lDUUTGpsmLlDF/lDdosW2HOuNb0iFXQ:dt5EWSN+9g9wBkX4Hp5uTBp

Score

10^/10

icedid 3822462527 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3822462527

C2

sciiultaelinoza.com

Targets

- Target
  
  FF.vbs
- Size
  
  9KB
- MD5
  
  785e8820f74ffc292411dcb192a88ee4
- SHA1
  
  d5488a8e7d686b7708af969380c88254ec966b47
- SHA256
  
  94987ebe5412a1e3a4ad08ec60c67b37af3851c40f4faa3214c7e5d963ce47ba
- SHA512
  
  5e7300da22d67bc9da556deeeddde85b6036a736fe80eed7cdcb66fd123ea01db5bd89274b59b5d9c7a0a58b4e451967c485390685849ea4567c48d05c988106
- SSDEEP
  
  192:9eSjpUorcl/E4hp3aD/OCMhiEe1mUS1G0vdzgW20fkbsgTbpQt:Q4pnrcpE4hpPCMhidmnGm80jWb4
Score

10^/10

icedid 3822462527 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1
- Target
  
  data.txt
- Size
  
  3B
- MD5
  
  f241176a4e2ae5d8dcdc32ef95083226
- SHA1
  
  b1442fdff89f64c13a38a2d35407a315a033577a
- SHA256
  
  1fc61c2a8598b892e1aba390c70cde2c695f2c81abd5eeaadef902a9cf9d777e
- SHA512
  
  fbf2577597b6c861e41d419b5f1fb581b3568ab1c52c993552be1ef8881c360aa40b4c7c4fef52a6197bf46638ef71abc9989365546fc4c9c8aed381bfb0c334
Score

1^/10
behavioral2
- Target
  
  swore/hollowed.temp
- Size
  
  49KB
- MD5
  
  0cda53c0bdf7dc50c9ca5a2fd20e9ec4
- SHA1
  
  a448ad10746b76504e7d6f4d99b4f0be304c371e
- SHA256
  
  6efc555dcec1a6a7d36b5e96617a73eef2dd09af9a7fe855a303bfcf6833b0b7
- SHA512
  
  7d4c86a0bf505ab3c8639d3c4652a18d30182a6923bb70b6645971ff42da26f7a38f11499a7e4cc9f8cb8dbbfffa33558b5c065617c37e05dbfd492e84c5a171
- SSDEEP
  
  768:bi9IlCuxlaboLzk8FQm5OzR4HziHF47DPh/i8bQZ2w0Nt8ASwn5:biWl3LzPIdEzqFI7g8sZE+ASwn5
Score

10^/10

icedid 3822462527 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid3822462527bankerloadertrojan

behavioral2

behavioral3

icedid3822462527bankerloadertrojan