icedid | fe04cf710700a364c38f52835fa222dc9dfd01002f1f1fdaf64cd758ce8f8c6b | Triage

Sharing

General

Target

NGH39.iso
Size

708KB
Sample

221118-w9rt9sbh42
MD5

322d7cabfc5e30aab76e7b85c1182da0
SHA1

96111fa837c73f4b25cb1d0c4a6809b8bc52ad4e
SHA256

fe04cf710700a364c38f52835fa222dc9dfd01002f1f1fdaf64cd758ce8f8c6b
SHA512

d6e9029329d9f3458388cb62a05a61cd113b42fd295406253bcf09d542d517bd42ac4bc145e7c99d4ebf6373e737874fdc13ccb2ff9265b46a0686df6fbb02b7
SSDEEP

6144:mK81aGEoSvma0lgTxwBT0kqnYMXq0lDUUTGpsmLlDF/lDdosW2HOuNb0iFXplD1t:mts+9g9wBkX4Hp5uTBppLM

Score

10^/10

icedid 3822462527 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3822462527

C2

sciiultaelinoza.com

Targets

- Target
  
  NGH39.iso
- Size
  
  708KB
- MD5
  
  322d7cabfc5e30aab76e7b85c1182da0
- SHA1
  
  96111fa837c73f4b25cb1d0c4a6809b8bc52ad4e
- SHA256
  
  fe04cf710700a364c38f52835fa222dc9dfd01002f1f1fdaf64cd758ce8f8c6b
- SHA512
  
  d6e9029329d9f3458388cb62a05a61cd113b42fd295406253bcf09d542d517bd42ac4bc145e7c99d4ebf6373e737874fdc13ccb2ff9265b46a0686df6fbb02b7
- SSDEEP
  
  6144:mK81aGEoSvma0lgTxwBT0kqnYMXq0lDUUTGpsmLlDF/lDdosW2HOuNb0iFXplD1t:mts+9g9wBkX4Hp5uTBppLM
Score

3^/10
behavioral1 behavioral2
- Target
  
  FF.vbs
- Size
  
  9KB
- MD5
  
  1c4f6bbfd0f1ee596b90bb02b288d98e
- SHA1
  
  7ca6d06613abc2ed4f6648b538c849ec309f14ce
- SHA256
  
  9ec7e0b4390bc8ab72bf6b310d41fda82278e73e8d9d907a6b3dddde50b092b0
- SHA512
  
  366fb895581cb2c7de7f6ceea548138bc15622e0a9f46acaa9acfbf2e6102debbcb323fe5ab867b3dc76ad147d0031637bd41db251a5220a0dcbfa537b34ef1a
- SSDEEP
  
  192:teSjpUorcl/E4hp3aD/OCMhiEe1mUS1G0vdzgW20fkbsgTbpQt:g4pnrcpE4hpPCMhidmnGm80jWb4
Score

10^/10

icedid 3822462527 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  data.txt
- Size
  
  3B
- MD5
  
  f241176a4e2ae5d8dcdc32ef95083226
- SHA1
  
  b1442fdff89f64c13a38a2d35407a315a033577a
- SHA256
  
  1fc61c2a8598b892e1aba390c70cde2c695f2c81abd5eeaadef902a9cf9d777e
- SHA512
  
  fbf2577597b6c861e41d419b5f1fb581b3568ab1c52c993552be1ef8881c360aa40b4c7c4fef52a6197bf46638ef71abc9989365546fc4c9c8aed381bfb0c334
Score

1^/10
behavioral5 behavioral6
- Target
  
  swore/personalize.txt
- Size
  
  260KB
- MD5
  
  d874ce67de2b1fa668011615d933de6d
- SHA1
  
  5347670534a0ec81801eebd98fc326c9c3f30c22
- SHA256
  
  de4db839a630a5d2c4bc3cffc92db37fee1b3ef03d0ad201daaf8a8573a41e9e
- SHA512
  
  38ab254a4c9f271f521937ab83c98805dd189004d6a9472be5010434f80f81a211336b23ff5830b1c378f611727609b2bd6d13b3727664d7219de6e2fccaf7c9
- SSDEEP
  
  3072:VMUkGEsLSvmaM3lzkTMYXQQkBTM3sJqM1rMY2ukQk0l2:VaGEoSvma0lgTxwBT0kqnYMXv
Score

1^/10
behavioral7 behavioral8
- Target
  
  swore/pestle.txt
- Size
  
  277KB
- MD5
  
  df1d4260ab003551c55772ec4318c294
- SHA1
  
  9e8a3c90933d4fd5e1d6f64e06d3a60a78ac42a0
- SHA256
  
  1d13b655d1c8c275c1943badcaef5c56e2c47865d27dcaf9d6230809c05af2ff
- SHA512
  
  6716f24008d08079809e10efaa971659d83902846c5184d0c2973238e2677bbc9436b25aae276ce118ec773fd02acc812750926d97f65d1c624a71c32781fa04
- SSDEEP
  
  6144:q0lDUUTGpsmLlDF/lDdosW2HOuNb0iFXplD1b++BbXm/W6HB0lDE4KXplDVblD94:4Hp5uTBp2
Score

1^/10
behavioral10 behavioral9
- Target
  
  swore/remounting.temp
- Size
  
  100KB
- MD5
  
  b235912cfba88b4729783cf45ffcdfec
- SHA1
  
  96c2de06c29dbff408dd1503bbfb7339b51fd876
- SHA256
  
  8abc47bd49bdccfc9db686068aec5732fc52fe7eb94907d96115867ab8b0d7a4
- SHA512
  
  8a0a9b570442c7891ce86877a21615c794d83e7e79b2d0cadb158534d317d879d73b642a81608aa5f2bc96e4871c0fc6b93e6b7ee983ffb92cc5e0ce90de6c7c
- SSDEEP
  
  1536:gZO05V5QA9tXrTMMv6OHKj2luFY0xS57B3l/ApekzDsw9BM8cpmSn0l7i59:mj/MM3A6XkbfcQin
Score

10^/10

icedid 3822462527 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral11 behavioral12

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid3822462527bankerloadertrojan

behavioral4

icedid3822462527bankerloadertrojan

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

icedid3822462527bankerloadertrojan

behavioral12

icedid3822462527bankerloadertrojan