icedid | 2bd43175f33d5e03ae53c00541a357c3578a158f56d8b20b9099a45ccebc801a | Triage

Submit
Reports

Overview

overview

Static

static

wild_will.msi

windows7-x64

wild_will.msi

windows10-2004-x64

Sharing

General

Target

wild_will.msi
Size

720KB
Sample

221206-g85meafb3w
MD5

12fef89480f3c38d0949f7fd9458856d
SHA1

8ed8d7bf9c6ffc2934e5c9773692ded50f87ceec
SHA256

2bd43175f33d5e03ae53c00541a357c3578a158f56d8b20b9099a45ccebc801a
SHA512

0b4e9035905c9da6e7b0d8e0eeda3f6e7b8522135aec15eea14b85bb0966b5058f3443aa054983f00918b29fd3e699efca3a49030ee195c7b3f09d6c667e2a2f
SSDEEP

12288:pwHL0D7vkCPumy9chfA+t78B0igC+/NHB01SlF1:2HL0f/zyt+x8BtZKB6SD

Score

10^/10

icedid 787509923 banker loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

wild_will.msi

Resource

win7-20220812-en

icedid 787509923 banker loader trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

wild_will.msi

Resource

win10v2004-20220812-en

icedid 787509923 banker loader trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

787509923

C2

kamintrewftor.com

Targets

- Target
  
  wild_will.msi
- Size
  
  720KB
- MD5
  
  12fef89480f3c38d0949f7fd9458856d
- SHA1
  
  8ed8d7bf9c6ffc2934e5c9773692ded50f87ceec
- SHA256
  
  2bd43175f33d5e03ae53c00541a357c3578a158f56d8b20b9099a45ccebc801a
- SHA512
  
  0b4e9035905c9da6e7b0d8e0eeda3f6e7b8522135aec15eea14b85bb0966b5058f3443aa054983f00918b29fd3e699efca3a49030ee195c7b3f09d6c667e2a2f
- SSDEEP
  
  12288:pwHL0D7vkCPumy9chfA+t78B0igC+/NHB01SlF1:2HL0f/zyt+x8BtZKB6SD
Score

10^/10

icedid 787509923 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid787509923bankerloadertrojan

behavioral2

icedid787509923bankerloadertrojan

© 2018-2024

Terms | Privacy