icedid | 5472103e290d3b51becbbde14d494535980cb0cedb40d4f4f1bf9830765fb173 | Triage

Submit
Reports

Overview

overview

Static

static

1554FF.html

windows7-x64

1

1554FF.html

windows10-2004-x64

Sharing

General

Target

1554FF.html
Size

368KB
Sample

221121-rprljsdd34
MD5

40516ea9f7767045c822e15ef375fdee
SHA1

5b9878dbbd27860e39af55a21a3dedae154d00b3
SHA256

5472103e290d3b51becbbde14d494535980cb0cedb40d4f4f1bf9830765fb173
SHA512

8b414097af2e3f4cb3a3b7bf86e44a3e42dbfe205773614246868dae201c0e0b0089a02bbaefc120dd8504fec019a91b98fb79ea0ca5394ee9b9b51013b1dd89
SSDEEP

6144:RYjRCBwC8pIy/5rDXOkprEqNUQJRHlzjKK0jY5BzlAnfQ6sIXU0UgtmzA:RYjpXI6/bFLHKVOmYNIEvs

Score

10^/10

icedid 3822462527 banker loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

1554FF.html

Resource

win7-20221111-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

1554FF.html

Resource

win10v2004-20220812-en

icedid 3822462527 banker loader trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

3822462527

C2

sciiultaelinoza.com

Targets

- Target
  
  1554FF.html
- Size
  
  368KB
- MD5
  
  40516ea9f7767045c822e15ef375fdee
- SHA1
  
  5b9878dbbd27860e39af55a21a3dedae154d00b3
- SHA256
  
  5472103e290d3b51becbbde14d494535980cb0cedb40d4f4f1bf9830765fb173
- SHA512
  
  8b414097af2e3f4cb3a3b7bf86e44a3e42dbfe205773614246868dae201c0e0b0089a02bbaefc120dd8504fec019a91b98fb79ea0ca5394ee9b9b51013b1dd89
- SSDEEP
  
  6144:RYjRCBwC8pIy/5rDXOkprEqNUQJRHlzjKK0jY5BzlAnfQ6sIXU0UgtmzA:RYjpXI6/bFLHKVOmYNIEvs
Score

10^/10

icedid 3822462527 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

icedid3822462527bankerloadertrojan

© 2018-2024

Terms | Privacy