icedid | cbc31e48f08c7d1877246e6759edee70cecdfc76416a7b7f7ca0feede3355b93 | Triage

Submit
Reports

Overview

overview

Static

static

build-052.msi

windows7-x64

6

build-052.msi

windows10-2004-x64

Sharing

General

Target

build-052.msi
Size

720KB
Sample

221206-nlaxvadc33
MD5

5241275990f43d896fee78d1d72757e3
SHA1

8d825da07a5ccb9e518c518ea4d61c9b8374e63b
SHA256

cbc31e48f08c7d1877246e6759edee70cecdfc76416a7b7f7ca0feede3355b93
SHA512

1b417940bbdb56f63533ac380fb288870e095fa8f491bed472e171c7eab3d4090edeb72f90b2b21330eaad8ebb8a25dded4db470d5d3b13087ad707b97ae6f4e
SSDEEP

12288:ywHL0D7hkCPumy9chfA+t58B0igC+/NHBnn1SCSR:jHL0R/zyt+X8BtZKBn1SD

Score

10^/10

icedid 787509923 banker loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

build-052.msi

Resource

win7-20220901-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

build-052.msi

Resource

win10v2004-20220812-en

icedid 787509923 banker loader trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

787509923

C2

kamintrewftor.com

Targets

- Target
  
  build-052.msi
- Size
  
  720KB
- MD5
  
  5241275990f43d896fee78d1d72757e3
- SHA1
  
  8d825da07a5ccb9e518c518ea4d61c9b8374e63b
- SHA256
  
  cbc31e48f08c7d1877246e6759edee70cecdfc76416a7b7f7ca0feede3355b93
- SHA512
  
  1b417940bbdb56f63533ac380fb288870e095fa8f491bed472e171c7eab3d4090edeb72f90b2b21330eaad8ebb8a25dded4db470d5d3b13087ad707b97ae6f4e
- SSDEEP
  
  12288:ywHL0D7hkCPumy9chfA+t58B0igC+/NHBnn1SCSR:jHL0R/zyt+X8BtZKBn1SD
Score

10^/10

icedid 787509923 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

icedid787509923bankerloadertrojan

© 2018-2024

Terms | Privacy