icedid | ea43a6d99b567d1dbc7339ff43e489ef22657fcd6bd9e36b69aea8b14fde8cd5 | Triage

Submit
Reports

Overview

overview

Static

static

Scan_Invoi...54.msi

windows7-x64

Scan_Invoi...54.msi

windows10-2004-x64

Sharing

General

Target

Scan_Invoice_12-09#54.msi
Size

824KB
Sample

221209-z6w7csed35
MD5

7c0c7922a082101215c998a4ecf15481
SHA1

5543faef6b9261087bad28e3274addd9823682b5
SHA256

ea43a6d99b567d1dbc7339ff43e489ef22657fcd6bd9e36b69aea8b14fde8cd5
SHA512

d689a1f9973e9996075bf1e5db2fb4326caef004e55b4f0bddb197535c179eb2bddb420c5ee68b23c842a423a9475eff98bb3bf2962a665304dafc684d97a4a1
SSDEEP

24576:yHL009mTn3Tp9Lolu0aID/kJAHCcWPXoPcTPbgrQlRNKIg8gx:yr00a3ku0ocWPXoPcTPbgrQlRNKIg8g

Score

10^/10

icedid 1178326404 banker loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

Scan_Invoice_12-09#54.msi

Resource

win7-20221111-en

icedid 1178326404 banker loader trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Scan_Invoice_12-09#54.msi

Resource

win10v2004-20220812-en

icedid 1178326404 banker loader trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

1178326404

C2

broskabrwaf.com

Targets

- Target
  
  Scan_Invoice_12-09#54.msi
- Size
  
  824KB
- MD5
  
  7c0c7922a082101215c998a4ecf15481
- SHA1
  
  5543faef6b9261087bad28e3274addd9823682b5
- SHA256
  
  ea43a6d99b567d1dbc7339ff43e489ef22657fcd6bd9e36b69aea8b14fde8cd5
- SHA512
  
  d689a1f9973e9996075bf1e5db2fb4326caef004e55b4f0bddb197535c179eb2bddb420c5ee68b23c842a423a9475eff98bb3bf2962a665304dafc684d97a4a1
- SSDEEP
  
  24576:yHL009mTn3Tp9Lolu0aID/kJAHCcWPXoPcTPbgrQlRNKIg8gx:yr00a3ku0ocWPXoPcTPbgrQlRNKIg8g
Score

10^/10

icedid 1178326404 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1178326404bankerloadertrojan

behavioral2

icedid1178326404bankerloadertrojan

© 2018-2024

Terms | Privacy