icedid | aeaec6ca7cfc629df46779db6f5b92da8a532bd3baf21570ea76e9f9f5becd40 | Triage

Sharing

General

Target

$RTKOW1B.zip
Size

827KB
Sample

221220-x965madh9w
MD5

bd1619082ee07b21fa40d532ef9cb8e4
SHA1

443713056deb34363bed0e165099412d23d4269d
SHA256

aeaec6ca7cfc629df46779db6f5b92da8a532bd3baf21570ea76e9f9f5becd40
SHA512

a19aa3cc69af6e83722bc79d5baa72336ed1bbb1c8297e2b4b068a95f31e51f1d5dde67e6cceebf0d0b4265866a0bd918db6f0f3b024f07383ac13721a6bd207
SSDEEP

24576:KoqpFTwvyQNR53uFPnTsuLJR6LJsDzpDO4lc0:KppFANnu9QmJR6LYK4lc0

Score

10^/10

icedid 3114391984 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3114391984

C2

estrabornhot.com

Targets

- Target
  
  $RTKOW1B.zip
- Size
  
  827KB
- MD5
  
  bd1619082ee07b21fa40d532ef9cb8e4
- SHA1
  
  443713056deb34363bed0e165099412d23d4269d
- SHA256
  
  aeaec6ca7cfc629df46779db6f5b92da8a532bd3baf21570ea76e9f9f5becd40
- SHA512
  
  a19aa3cc69af6e83722bc79d5baa72336ed1bbb1c8297e2b4b068a95f31e51f1d5dde67e6cceebf0d0b4265866a0bd918db6f0f3b024f07383ac13721a6bd207
- SSDEEP
  
  24576:KoqpFTwvyQNR53uFPnTsuLJR6LJsDzpDO4lc0:KppFANnu9QmJR6LYK4lc0
Score

10^/10

icedid 3114391984 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

icedid3114391984bankerloadertrojan