icedid | 7092d744817b17348172c00fe2bc3710794688fe34e200c9c4e7ab6d3ecfda02 | Triage

Submit
Reports

Overview

overview

Static

static

soon_even.msi

windows7-x64

soon_even.msi

windows10-2004-x64

Sharing

General

Target

7092d744817b17348172c00fe2bc3710794688fe34e200c9c4e7ab6d3ecfda02.zip
Size

731KB
Sample

221214-g68laahc86
MD5

cb342cbe41e4892c0120c04078e57620
SHA1

f5e91c14e40545dc98f677a01a44590c672884ef
SHA256

7092d744817b17348172c00fe2bc3710794688fe34e200c9c4e7ab6d3ecfda02
SHA512

0f53e59c3b4bd7d6ffa2f6b6195e70b3fa09c7b87fbefd4b680a9f6a70b9cdb06c69fd32cc4f80c91b6dd3383e997ed2869f16961fc579cff07885dcb5ac39cf
SSDEEP

12288:vvIqfXVQR4AVIRbV1ppF9LT1Q5elKUbjGQN/q1Coz0DW9U9RFtI:Y2VQRDCbVTpFxTi54KAjllABzsWq9/u

Score

10^/10

icedid 3407323965 banker loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

soon_even.msi

Resource

win7-20220901-en

icedid 3407323965 banker loader trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

soon_even.msi

Resource

win10v2004-20221111-en

icedid 3407323965 banker loader trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

3407323965

C2

estrabornhot.com

Targets

- Target
  
  soon_even.msi
- Size
  
  1.4MB
- MD5
  
  e97dda068d2b38835208a41cadad4740
- SHA1
  
  67adf8ec8479b8132f7a999f7d7556481d584208
- SHA256
  
  ebd022c7fed376881b90383028b0a6b18bc68f068cab5b4dadc57690612952e7
- SHA512
  
  8da4eff36676d8ed7cf13c0da0a853e19d54eaeb3c3d3ee4cb7945e1db4582fbb879838f91660a6a53f88ac29c12c633e88d713a92152d8116ea3fe6ee0ff634
- SSDEEP
  
  24576:nHL0HPEJnFbMyaPb8e1e96Pef7k0bNRjpB4dPURaZ:nr0MJKyaT/BPg1RaZ
Score

10^/10

icedid 3407323965 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid3407323965bankerloadertrojan

behavioral2

icedid3407323965bankerloadertrojan

© 2018-2024

Terms | Privacy