icedid | e8b323a81faf2904459bb4a35bc8e2519850afc9f960ffd06a22f3e197185a9a | Triage

Submit
Reports

Overview

overview

Static

static

Setup_Win_...34.msi

windows7-x64

Setup_Win_...34.msi

windows10-2004-x64

Sharing

General

Target

Setup_Win_16-12-2022_16-47-34.msi
Size

1.6MB
Sample

221216-wgaehsaa2y
MD5

392916da17e4ef4d8c88c778cf75db5a
SHA1

1996bc54416273a26bf938a713f9f35a5aae68a8
SHA256

e8b323a81faf2904459bb4a35bc8e2519850afc9f960ffd06a22f3e197185a9a
SHA512

4c554f32906b3ce50633628afac4a3984f8e5f4039f185d4d8d6d653aa35d6df2eae860d4a64a08e94c4cd4283d56e5118ab5447f2fa53b590ad1cde638b182d
SSDEEP

24576:7HL0HvwglMtNroES7S8asBci5cRMyBAUIqw5NOcH9iIDMNUEer0OVTm10ku2w:7r0YglMbr3SWpsWjRMMKIIDB/k

Score

10^/10

icedid 1228806356 banker loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

Setup_Win_16-12-2022_16-47-34.msi

Resource

win7-20221111-en

icedid 1228806356 banker loader trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup_Win_16-12-2022_16-47-34.msi

Resource

win10v2004-20221111-en

icedid 1228806356 banker loader trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

1228806356

C2

klepdrafooip.com

Targets

- Target
  
  Setup_Win_16-12-2022_16-47-34.msi
- Size
  
  1.6MB
- MD5
  
  392916da17e4ef4d8c88c778cf75db5a
- SHA1
  
  1996bc54416273a26bf938a713f9f35a5aae68a8
- SHA256
  
  e8b323a81faf2904459bb4a35bc8e2519850afc9f960ffd06a22f3e197185a9a
- SHA512
  
  4c554f32906b3ce50633628afac4a3984f8e5f4039f185d4d8d6d653aa35d6df2eae860d4a64a08e94c4cd4283d56e5118ab5447f2fa53b590ad1cde638b182d
- SSDEEP
  
  24576:7HL0HvwglMtNroES7S8asBci5cRMyBAUIqw5NOcH9iIDMNUEer0OVTm10ku2w:7r0YglMbr3SWpsWjRMMKIIDB/k
Score

10^/10

icedid 1228806356 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1228806356bankerloadertrojan

behavioral2

icedid1228806356bankerloadertrojan

© 2018-2024

Terms | Privacy