icedid | f4c10d9c7cd13a9133d5232d7cada476ca24f73f3c1e4f5c2072e46c899e33e3 | Triage

Submit
Reports

Overview

overview

Static

static

d65c22b2-b...9.html

windows10-2004-x64

Resubmissions

18-11-2022 03:43

221118-eadpxsge94 10

18-11-2022 02:54

221118-deebksgd52 1

Sharing

General

Target

d65c22b2-b244-43e8-bd55-4165ca062fe9.html
Size

317KB
Sample

221118-eadpxsge94
MD5

8a22cbda678e7da4fdc1aa81dde718ad
SHA1

41ae0ffb78b8041b6710a3a09c172204bf164790
SHA256

f4c10d9c7cd13a9133d5232d7cada476ca24f73f3c1e4f5c2072e46c899e33e3
SHA512

ae5fe3f4ef00856982995156e9b5076c246f2194f1900019c17af40de7533d23fe9245dea77f986d4afbd4036082b8c5a8d7856c9ecb2f600cb3f8667d7379b7
SSDEEP

6144:nYjRCBwC8pIy/5rDSrIbMJLtUQZwld2JDc0C4Qvbq:nYjpXI66rIqKf2JYRO

Score

10^/10

icedid 426369791 banker loader persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

d65c22b2-b244-43e8-bd55-4165ca062fe9.html

Resource

win10v2004-20221111-en

icedid 426369791 banker loader persistence trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

426369791

C2

ahilacarstrupert.com

Targets

- Target
  
  d65c22b2-b244-43e8-bd55-4165ca062fe9.html
- Size
  
  317KB
- MD5
  
  8a22cbda678e7da4fdc1aa81dde718ad
- SHA1
  
  41ae0ffb78b8041b6710a3a09c172204bf164790
- SHA256
  
  f4c10d9c7cd13a9133d5232d7cada476ca24f73f3c1e4f5c2072e46c899e33e3
- SHA512
  
  ae5fe3f4ef00856982995156e9b5076c246f2194f1900019c17af40de7533d23fe9245dea77f986d4afbd4036082b8c5a8d7856c9ecb2f600cb3f8667d7379b7
- SSDEEP
  
  6144:nYjRCBwC8pIy/5rDSrIbMJLtUQZwld2JDc0C4Qvbq:nYjpXI66rIqKf2JYRO
Score

10^/10

icedid 426369791 banker loader persistence trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid426369791bankerloaderpersistencetrojan

© 2018-2024

Terms | Privacy