icedid | b58a31d34c5014ac5f41d7ecd5a741139595ae6d05ac850a41314ff03260e4c0 | Triage

Sharing

General

Target

iced.zip
Size

127KB
Sample

221212-kzeamsba25
MD5

706f48e4db0207fb398a39b1ca48e364
SHA1

2e0f018819ffdf2ed148ff86a9cbab002f577a33
SHA256

b58a31d34c5014ac5f41d7ecd5a741139595ae6d05ac850a41314ff03260e4c0
SHA512

fccdc000f31a0f70caeff17007d194154bcea992adca082d556ccf5d4efd6f2dfe963529d9e1342f31ff17fbec82dc523f487cfd71deeb8e6010a4aaa94e9f89
SSDEEP

3072:bEGLMu/KumT3NHlvWLV0OLfVkFqNIgxyuoyRPBCR:QGLjK1JFvChTIgx3oPR

Score

10^/10

icedid 1268412609 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1268412609

C2

ewgahskoot.com

Targets

- Target
  
  iced/Documents.lnk
- Size
  
  2KB
- MD5
  
  4237deaa85e5e4bbd6b925dc5b83984a
- SHA1
  
  740ae2cc9ed94d78607e3ddc7f83647434e5fade
- SHA256
  
  61c2586653dfec082d45671296840368df356d2c8770c8e2d6221fb6fe29ecac
- SHA512
  
  5117ce3f8ae987f32002c2313ff4d581a11d450eb597dc566204b98e17e33138da31da78d21a32f39ab0d3a213710bc35f48a9a132141468c930df0fcfee9622
Score

10^/10

icedid 1268412609 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  iced/askgothogtan/forbidding.tmp
- Size
  
  374KB
- MD5
  
  6242b580541d24a300b10998f33af74f
- SHA1
  
  091b8d919aa4d340c4872ad97488eeb7866175e6
- SHA256
  
  88b2a39578b88e560fd05ec2fcd971cf63e4fbeb229026ad5c0dc3bce17ea549
- SHA512
  
  c1ee8be83d598277d7db31e9aad0318e710e73c5a89a61fc7554e79470ff8fab637954038a4817e5da188be20741bab2c6302c1c1df97df90c5c5b36d4913d13
- SSDEEP
  
  6144:00FOhm3Y1LfpDqnkIBwcu/oDdzr88vAHL/l7ysDPXoPcTPinEgrTytlRNKIg8ggd:00km3YYY/ohhvAHLoWPXoPcTPbgrmtlR
Score

3^/10
behavioral3 behavioral4
- Target
  
  iced/askgothogtan/ginbum.cmd
- Size
  
  1KB
- MD5
  
  9c5c165f68040c27ca493218e54a57ef
- SHA1
  
  e18932c39422969e5908dce3260acae4e46a11ad
- SHA256
  
  791ece5a1f7a84eb20786454ec917d3ef16a0a57a7d5e9ecbeb069151cdd16d4
- SHA512
  
  fed35aa7628d645d20028d4c106b3899ea459480645a33c720d645dc339637e92033260a0187b33f421b74a5b1df97845bd2d6af833dc4fbfcf4c275937fc638
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1268412609bankerloadertrojan

behavioral2

icedid1268412609bankerloadertrojan

behavioral3

behavioral4

behavioral5

behavioral6