icedid | hxxps://firebasestorage[.]googleapis[.]com/v0/b/uplifted-theory-371719[.]appspot[.]com/o/NP6oE008nu%2Frequest_01-10_INV-260[.]zip?alt=media&token=8094aa26-471d-4968-85bf-ab0ba94484c4

General

Target

https://firebasestorage.googleapis.com/v0/b/uplifted-theory-371719.appspot.com/o/NP6oE008nu%2Frequest_01-10_INV-260.zip?alt=media&token=8094aa26-471d-4968-85bf-ab0ba94484c4
Sample

230112-ddq9rafa35

Score

10^/10

Malware Config

Extracted

Family

icedid

Campaign

1421378695

C2

ebothlips.com

Targets

- Target
  
  https://firebasestorage.googleapis.com/v0/b/uplifted-theory-371719.appspot.com/o/NP6oE008nu%2Frequest_01-10_INV-260.zip?alt=media&token=8094aa26-471d-4968-85bf-ab0ba94484c4
Score

10^/10

icedid 1421378695 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3

T1012

Peripheral Device Discovery

2

T1120

System Information Discovery

3

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

IcedID, BokBot

Blocklisted process makes network request

Loads dropped DLL

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

urlscan1

behavioral1