icedid | 070f9169977c766c426e9c1a8161a40f54a068ef7cc1c3090d226e87dc890095 | Triage

Submit
Reports

Overview

overview

Static

static

document_1...DF.msi

windows7-x64

6

document_1...DF.msi

windows10-2004-x64

Sharing

General

Target

document_133_invoice#PDF.msi
Size

660KB
Sample

221206-x8c56afg48
MD5

76bf2b13ab0bdb12c1b8fc474fb9984e
SHA1

8c90ecad73788a40c93ca6a6411c79c581216cee
SHA256

070f9169977c766c426e9c1a8161a40f54a068ef7cc1c3090d226e87dc890095
SHA512

8945defdd78c03c0e62ac636657835e70210afba5ade7a8f9eab8c6725371b30a9ad26820ed57a0d7fe2b5af6bf2ab18a06ed6adb35c6203ae0dfd1057fd01be
SSDEEP

12288:nwHL0D7CkCPumy9chfA+tO5O//M777777LwmqLuSgF3u:wHL0S/zyt+M5OX/qtF3u

Score

10^/10

icedid 764376559 banker loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

document_133_invoice#PDF.msi

Resource

win7-20220812-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

document_133_invoice#PDF.msi

Resource

win10v2004-20220901-en

icedid 764376559 banker loader trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

764376559

C2

saintrefunda.com

Targets

- Target
  
  document_133_invoice#PDF.msi
- Size
  
  660KB
- MD5
  
  76bf2b13ab0bdb12c1b8fc474fb9984e
- SHA1
  
  8c90ecad73788a40c93ca6a6411c79c581216cee
- SHA256
  
  070f9169977c766c426e9c1a8161a40f54a068ef7cc1c3090d226e87dc890095
- SHA512
  
  8945defdd78c03c0e62ac636657835e70210afba5ade7a8f9eab8c6725371b30a9ad26820ed57a0d7fe2b5af6bf2ab18a06ed6adb35c6203ae0dfd1057fd01be
- SSDEEP
  
  12288:nwHL0D7CkCPumy9chfA+tO5O//M777777LwmqLuSgF3u:wHL0S/zyt+M5OX/qtF3u
Score

10^/10

icedid 764376559 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

icedid764376559bankerloadertrojan

© 2018-2024

Terms | Privacy