icedid | b1d89aa18cd6e5e8e007713b1f79ae72238e85211c19d403b02ace2eac464e67 | Triage

Submit
Reports

Overview

overview

Static

static

Scan_Invoi...46.msi

windows7-x64

Scan_Invoi...46.msi

windows10-2004-x64

Sharing

General

Target

Scan_Invoice_12-09#46.msi
Size

824KB
Sample

221212-w4bk4aeh5w
MD5

eb93a0d10c8b95407415ddbfdb98e1b9
SHA1

74350debcdc7cfab67bcb612750fb4cb1f791649
SHA256

b1d89aa18cd6e5e8e007713b1f79ae72238e85211c19d403b02ace2eac464e67
SHA512

046ce84e6e90885419a9a1974468f7565ea9aa21945bc8987212e175178c1ce5cd61253a8b34f517fafddb307d8264361a5794a673e2e78d56df3490b66b1dff
SSDEEP

24576:HHL049mTn3Tp9Lol00aID/kJAHC+WPXoPcTPbgrQlRNKIg8gx:Hr04a3k00o+WPXoPcTPbgrQlRNKIg8g

Score

10^/10

icedid 1178326404 banker loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

Scan_Invoice_12-09#46.msi

Resource

win7-20220901-en

icedid 1178326404 banker loader trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Scan_Invoice_12-09#46.msi

Resource

win10v2004-20220812-en

icedid 1178326404 banker loader trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

1178326404

C2

broskabrwaf.com

Targets

- Target
  
  Scan_Invoice_12-09#46.msi
- Size
  
  824KB
- MD5
  
  eb93a0d10c8b95407415ddbfdb98e1b9
- SHA1
  
  74350debcdc7cfab67bcb612750fb4cb1f791649
- SHA256
  
  b1d89aa18cd6e5e8e007713b1f79ae72238e85211c19d403b02ace2eac464e67
- SHA512
  
  046ce84e6e90885419a9a1974468f7565ea9aa21945bc8987212e175178c1ce5cd61253a8b34f517fafddb307d8264361a5794a673e2e78d56df3490b66b1dff
- SSDEEP
  
  24576:HHL049mTn3Tp9Lol00aID/kJAHC+WPXoPcTPbgrQlRNKIg8gx:Hr04a3k00o+WPXoPcTPbgrQlRNKIg8g
Score

10^/10

icedid 1178326404 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1178326404bankerloadertrojan

behavioral2

icedid1178326404bankerloadertrojan

© 2018-2024

Terms | Privacy