icedid | f7715f48cdbf36bb611a205fcc067670018cf23cb30cc362a56d35b98d002826 | Triage

Sharing

General

Target

LZG41.iso
Size

656KB
Sample

221121-mkjypaeh54
MD5

6408679de2eb8c44710e48fd37aea371
SHA1

d8d12728d99879525dbc0c87bc6127a186ca4825
SHA256

f7715f48cdbf36bb611a205fcc067670018cf23cb30cc362a56d35b98d002826
SHA512

dce56f051e49f38644023cffb3b2fdf3233f1eb3f36f7e8b7dd1a187beb7052a81766a03fd5d02bafbaa316074615b03bdc6b73bca5c7d5f51be8c28c6fc860c
SSDEEP

6144:sK8FaGEoSvma0lgTxwBT0kqnYMXq0lDUUTGpsmLlDF/lDdosW2HOuNb0iFXplD1t:st8+9g9wBkX4Hp5uTBpPsWS

Score

10^/10

icedid 3822462527 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3822462527

C2

sciiultaelinoza.com

Targets

- Target
  
  FF.vbs
- Size
  
  9KB
- MD5
  
  c6031c7c55e1a3ad39686f5285f169e8
- SHA1
  
  9b095c7a6a652863fb04644208f3c4626e48732e
- SHA256
  
  34fd7ac1ebf24488f3ef3ce8510fbeaf531bdb1fb4da13327a64482e836df691
- SHA512
  
  7a5000dbf095f5e89f28663de29345605f3dba524f177b61f2516a9302c82384f314a0287fb561bae1cd3fe916c96a8df8818f75b539862787089ce129ac5298
- SSDEEP
  
  192:GeSjpUorcl/E4hp3aD/OCMhiEe1mUS1G0vdzgW20fkbsgTbpQt:d4pnrcpE4hpPCMhidmnGm80jWb4
Score

10^/10

icedid 3822462527 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  swore/sensible.temp
- Size
  
  49KB
- MD5
  
  bd80b2b1b80baddcae04c2bd338bdbde
- SHA1
  
  750e7066f6e5e8c5095fcf18ef33596882f495b5
- SHA256
  
  0a728bfdead0f370d24510169ac58f3edaae2bea503ac9c02365d1446fb22823
- SHA512
  
  9c566ea7fff7b45037283a48f425e549e9b0818e25012c5d2d9eb7d25de3413088eb3d7e91b128421e5210ce2c651e080e993cab0f81c68fb93f75d0e5be05a4
- SSDEEP
  
  768:ui9IlCuxlaboLzk8FQm5OzR4HziHF47DPh/e8bQZ2w0Nt8ASwn5:uiWl3LzPIdEzqFI7g8sZE+ASwn5
Score

10^/10

icedid 3822462527 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid3822462527bankerloadertrojan

behavioral2

icedid3822462527bankerloadertrojan

behavioral3

icedid3822462527bankerloadertrojan

behavioral4

icedid3822462527bankerloadertrojan