icedid | c2e93edc1a7947bfc50c2f80d42ed5c29a4af762e275bb43610442ee18c8005c | Triage

Sharing

General

Target

core.zip
Size

444KB
Sample

221118-w3crrsbd93
MD5

ccef3f332674ec0fa297e293751ee600
SHA1

abe1e1bd3c86df4d7e8cc062cdddf720782493f9
SHA256

c2e93edc1a7947bfc50c2f80d42ed5c29a4af762e275bb43610442ee18c8005c
SHA512

f9de77774b4db1c7b9078dbec1513bdc24cf8c8c8b28eabc63ad6bbbb9c31ddca1e4be76848e20139aabaec7529586a1e3788fea2d14d82766f9cb4ca7cad26d
SSDEEP

12288:MAsh95JleEB/70XHzobKwwrBYUzcepHhKf3T:O3JleM/7OHzuwrBYacYhu

Score

10^/10

icedid 506330626 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

506330626

C2

mashaliop.com

breakolitro.com

Attributes

auth_var
3
url_path
/news/

Targets

- Target
  
  cmd.bat
- Size
  
  190B
- MD5
  
  83e3f344c28d8f86791e36f10519a1c9
- SHA1
  
  ad20bc111e1d3304429b54470479179ecf389ddf
- SHA256
  
  10585b5fc1ed00fad4890d442c4e8cf36f9e0a7f0f7f3227db0a1323147e905c
- SHA512
  
  290ddb759c86fc790c522518ff779443de37bff95cc5400e5925aaf25020acb6a8d010057126e25a9702a90c6a1c35f795526c5feadf22c587802e60d6378b45
Score

1^/10
behavioral1 behavioral2
- Target
  
  nothing-x64.tmp
- Size
  
  88KB
- MD5
  
  e6295e3c0660d19bdafcb3974f4c97b6
- SHA1
  
  f967719ba7b54046c465b5672a7b10a36d6c6767
- SHA256
  
  5ca41ebbaaff32049b4eec46f159cf63c2861f602addd04a446d81b2d9a6b054
- SHA512
  
  de8e91496e51a11a421baae5b3729b759cb76c97e451bfc90a324a81013ce4399ebeaa5b093998c8f088486a9b067fc220ad8c297bf823856f97a46399d8fdea
- SSDEEP
  
  1536:BmSMPfbt+GJKCtbNo/huWa41oIv4qEciDk+I9xQ3Ukc9/wtRsxN+GQ:0SPP2vcmxHECsxN+v
Score

10^/10

icedid 506330626 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid506330626bankercore_loadertrojan

behavioral4

icedid506330626bankercore_loadertrojan