icedid | f0bd3ee5f750d9bff17c13acfcdd96ab42e194319d766053104dee666b58e7bb | Triage

Submit
Reports

Overview

overview

Static

static

build-064.msi

windows7-x64

build-064.msi

windows10-2004-x64

Sharing

General

Target

build-064.msi
Size

720KB
Sample

221212-vv5l5sca43
MD5

4b5e7a1fbd90cd678b8648ff34de5813
SHA1

efa480263a6d2bf167592b04bd64e0ebe5685318
SHA256

f0bd3ee5f750d9bff17c13acfcdd96ab42e194319d766053104dee666b58e7bb
SHA512

f19664821059994e7e7f07dec13eb61a87ee1b138bb5344c14909bed8315cc27946414f47fbcd011a0a569203542114434fe9a5f9f02bacb101605459f4e4dde
SSDEEP

12288:/wHL0D7MkCPumy9chfA+tC8B0igC+/NHBT1SMut:YHL08/zyt+Q8BtZKBRSZ

Score

10^/10

icedid 787509923 banker loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

build-064.msi

Resource

win7-20221111-en

icedid 787509923 banker loader trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

build-064.msi

Resource

win10v2004-20220812-en

icedid 787509923 banker loader trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

787509923

C2

kamintrewftor.com

Targets

- Target
  
  build-064.msi
- Size
  
  720KB
- MD5
  
  4b5e7a1fbd90cd678b8648ff34de5813
- SHA1
  
  efa480263a6d2bf167592b04bd64e0ebe5685318
- SHA256
  
  f0bd3ee5f750d9bff17c13acfcdd96ab42e194319d766053104dee666b58e7bb
- SHA512
  
  f19664821059994e7e7f07dec13eb61a87ee1b138bb5344c14909bed8315cc27946414f47fbcd011a0a569203542114434fe9a5f9f02bacb101605459f4e4dde
- SSDEEP
  
  12288:/wHL0D7MkCPumy9chfA+tC8B0igC+/NHBT1SMut:YHL08/zyt+Q8BtZKBRSZ
Score

10^/10

icedid 787509923 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid787509923bankerloadertrojan

behavioral2

icedid787509923bankerloadertrojan

© 2018-2024

Terms | Privacy