icedid | 5d39b75eae07ccfe77968f0056eeb6feec2b124cd5d52327f4b162827beba604 | Triage

Submit
Reports

Overview

overview

Static

static

Setup_Win_...34.msi

windows7-x64

Setup_Win_...34.msi

windows10-2004-x64

Sharing

General

Target

Setup_Win_16-12-2022_16-47-34.zip
Size

960KB
Sample

221216-wjg75saa3t
MD5

52d108c6b8943f2dc03b5c34bc7cd204
SHA1

0e492ea670a1efa45d742c7b1459966b29e3b6e8
SHA256

5d39b75eae07ccfe77968f0056eeb6feec2b124cd5d52327f4b162827beba604
SHA512

b93bc4bdf9cf1e14c9a59aaa6c60073119e4ad293d965995a1788e5e4599d92b69a6bea0bad0c85d8a748b888deb035750a8b5524f48c70ad6711c112c8516c8
SSDEEP

24576:wrDBZuUzIwElVntXzUi1JN2ZS/fOnV5i5ln6mVPl07ntxnJJ8mrWKn:wHB/z/ElVnBzBJN2ZS/aBIMzP8mCG

Score

10^/10

icedid 1228806356 banker loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

Setup_Win_16-12-2022_16-47-34.msi

Resource

win7-20220812-en

icedid 1228806356 banker loader trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup_Win_16-12-2022_16-47-34.msi

Resource

win10v2004-20221111-en

icedid 1228806356 banker loader trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

1228806356

C2

klepdrafooip.com

Targets

- Target
  
  Setup_Win_16-12-2022_16-47-34.msi
- Size
  
  1.6MB
- MD5
  
  392916da17e4ef4d8c88c778cf75db5a
- SHA1
  
  1996bc54416273a26bf938a713f9f35a5aae68a8
- SHA256
  
  e8b323a81faf2904459bb4a35bc8e2519850afc9f960ffd06a22f3e197185a9a
- SHA512
  
  4c554f32906b3ce50633628afac4a3984f8e5f4039f185d4d8d6d653aa35d6df2eae860d4a64a08e94c4cd4283d56e5118ab5447f2fa53b590ad1cde638b182d
- SSDEEP
  
  24576:7HL0HvwglMtNroES7S8asBci5cRMyBAUIqw5NOcH9iIDMNUEer0OVTm10ku2w:7r0YglMbr3SWpsWjRMMKIIDB/k
Score

10^/10

icedid 1228806356 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1228806356bankerloadertrojan

behavioral2

icedid1228806356bankerloadertrojan

© 2018-2024

Terms | Privacy