icedid | 63a7d98369925d6e98994cdb5937bd896506665be9f80dc55de7eb6df00f7607 | Triage

Submit
Reports

Overview

overview

Static

static

Setup_Win_...29.msi

windows7-x64

Setup_Win_...29.msi

windows10-2004-x64

Sharing

General

Target

Setup_Win_14-12-2022_18-36-29.msi
Size

1.9MB
Sample

221219-p2hs3afa44
MD5

483a92951b440f2212fbfba38174d8a4
SHA1

914b9a827b1937935681a033b1c32a2df97a4874
SHA256

63a7d98369925d6e98994cdb5937bd896506665be9f80dc55de7eb6df00f7607
SHA512

336d65a516d8503ec939cb52d186b42d1dc41abc253ac85262bd251f4c63f81fa78d8f48122e608c91ec7f6cf43db1daf87c9c26f6636fa6410d10541018a93b
SSDEEP

49152:Jr0QHD5a4/7yGe8EsuRMEl73hXNGzchfzYZppUQ:Jr08MuLshh

Score

10^/10

icedid 1002085315 banker loader trojan

Static task

static1

Behavioral task

behavioral1

Sample

Setup_Win_14-12-2022_18-36-29.msi

Resource

win7-20220812-en

icedid 1002085315 banker loader trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup_Win_14-12-2022_18-36-29.msi

Resource

win10v2004-20221111-en

icedid 1002085315 banker loader trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

1002085315

C2

klepdrafooip.com

Targets

- Target
  
  Setup_Win_14-12-2022_18-36-29.msi
- Size
  
  1.9MB
- MD5
  
  483a92951b440f2212fbfba38174d8a4
- SHA1
  
  914b9a827b1937935681a033b1c32a2df97a4874
- SHA256
  
  63a7d98369925d6e98994cdb5937bd896506665be9f80dc55de7eb6df00f7607
- SHA512
  
  336d65a516d8503ec939cb52d186b42d1dc41abc253ac85262bd251f4c63f81fa78d8f48122e608c91ec7f6cf43db1daf87c9c26f6636fa6410d10541018a93b
- SSDEEP
  
  49152:Jr0QHD5a4/7yGe8EsuRMEl73hXNGzchfzYZppUQ:Jr08MuLshh
Score

10^/10

icedid 1002085315 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1002085315bankerloadertrojan

behavioral2

icedid1002085315bankerloadertrojan

© 2018-2024

Terms | Privacy