icedid | f12671f2c75f6775b37f4edb1f72bef6ead512102a9860be67cc0529971c72b4 | Triage

Submit
Reports

Overview

overview

Static

static

3

Request_1-...36.pdf

windows7-x64

1

Request_1-...36.pdf

windows10-2004-x64

Sharing

General

Target

Request_1-10_INV_236.pdf
Size

127KB
Sample

230111-wgn8nsdf85
MD5

97d0e8f68b3f57d9a30fc01bb56da4ed
SHA1

6a7ed2bc017749e89ec78071140cf75d0cee47f9
SHA256

f12671f2c75f6775b37f4edb1f72bef6ead512102a9860be67cc0529971c72b4
SHA512

dd9fa6a1c854e420f99d28dd04f7c555003d75817fd00ab75bd331a9842a6d572d4f48a7d948e684b3c9b3414487c28222929bd5a1b4c9559da0eefc77ee1e62
SSDEEP

3072:431i8aurDTSoWqSHuov0kPp+eLRwikxFmaOKaUaUMC/uByslS:vG3SoWHRcw+elamrQ3MC/uQslS

Score

10^/10

icedid 1421378695 banker link loader pdf persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Request_1-10_INV_236.pdf

Resource

win7-20220901-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Request_1-10_INV_236.pdf

Resource

win10v2004-20220812-en

icedid 1421378695 banker loader persistence trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

icedid

Campaign

1421378695

C2

ebothlips.com

Targets

- Target
  
  Request_1-10_INV_236.pdf
- Size
  
  127KB
- MD5
  
  97d0e8f68b3f57d9a30fc01bb56da4ed
- SHA1
  
  6a7ed2bc017749e89ec78071140cf75d0cee47f9
- SHA256
  
  f12671f2c75f6775b37f4edb1f72bef6ead512102a9860be67cc0529971c72b4
- SHA512
  
  dd9fa6a1c854e420f99d28dd04f7c555003d75817fd00ab75bd331a9842a6d572d4f48a7d948e684b3c9b3414487c28222929bd5a1b4c9559da0eefc77ee1e62
- SSDEEP
  
  3072:431i8aurDTSoWqSHuov0kPp+eLRwikxFmaOKaUaUMC/uByslS:vG3SoWHRcw+elamrQ3MC/uQslS
Score

10^/10

icedid 1421378695 banker loader persistence trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

icedid1421378695bankerloaderpersistencetrojan

© 2018-2024

Terms | Privacy