icedid | 025df48ede2b2c9915b7dca8945680e9b60a6906a97a2b36c69b1466bc807836 | Triage

Sharing

General

Target

SBN75.iso
Size

656KB
Sample

221121-vkemzaad28
MD5

ac8ac1b8f89c3f4c5b5403b9b3696aa0
SHA1

1a70ca5be029051cd750477976b16629e4e351fa
SHA256

025df48ede2b2c9915b7dca8945680e9b60a6906a97a2b36c69b1466bc807836
SHA512

6b74af46141094c39b4d00f36ece58312f50bed9d86ebc09b98a5af3bfc84b9741e94e7f648f3df82855b7c21e4c83accabe0cdc9123c9748fb2fc71030dd647
SSDEEP

6144:LK8wEWSgaGEoSvma0lgTxwBT0kqnYMXq0lDUUTGpsmLlDF/lDdosW2HOuNb0iFXQ:LtwEWSN+9g9wBkX4Hp5uTBp

Score

10^/10

icedid 3822462527 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3822462527

C2

sciiultaelinoza.com

Targets

- Target
  
  FF.vbs
- Size
  
  9KB
- MD5
  
  821b87a892b6667b738df88c5500097a
- SHA1
  
  6480192413117bff676869b0df5d1d724529c7d7
- SHA256
  
  88027b012322c7584b0f8800aa1c533f017daa49622464e553abf71ffd6a6a24
- SHA512
  
  2182697317ca73c36f141829c9dc7c8215ea5af29601eb4db1ec4d330668c62ed3195378dba3dc77fde82f583be4e827f851ffd273ae7aab5c864c227da36d32
- SSDEEP
  
  192:BeSjpUorcl/E4hp3aD/OCMhiEe1mUS1G0vdzgW20fkbsgTbpQt:s4pnrcpE4hpPCMhidmnGm80jWb4
Score

10^/10

icedid 3822462527 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1
- Target
  
  data.txt
- Size
  
  3B
- MD5
  
  f241176a4e2ae5d8dcdc32ef95083226
- SHA1
  
  b1442fdff89f64c13a38a2d35407a315a033577a
- SHA256
  
  1fc61c2a8598b892e1aba390c70cde2c695f2c81abd5eeaadef902a9cf9d777e
- SHA512
  
  fbf2577597b6c861e41d419b5f1fb581b3568ab1c52c993552be1ef8881c360aa40b4c7c4fef52a6197bf46638ef71abc9989365546fc4c9c8aed381bfb0c334
Score

1^/10
behavioral2
- Target
  
  swore/declaims.temp
- Size
  
  49KB
- MD5
  
  5ca7eb16864b365b7c17d6c841b8c364
- SHA1
  
  4590496c195eddf69692199f66ed001a1cb25a73
- SHA256
  
  44e43e61d0636b87b8e0b57bfd2f4cebc36c613154d28238f670b2b788261187
- SHA512
  
  154503288a40ee5ee4a161ba828eb2770e987add556d84be1ea3af5f1a1b9e078dc82dda30589f8439c55b78489c48b323879b133bc58cd810af67ee93554175
- SSDEEP
  
  768:Qi9IlCuxlaboLzk8FQm5OzR4HziHF47DPh/S8bQZ2w0Nt8ASwn5:QiWl3LzPIdEzqFI7o8sZE+ASwn5
Score

10^/10

icedid 3822462527 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid3822462527bankerloadertrojan

behavioral2

behavioral3

icedid3822462527bankerloadertrojan