icedid | 52a6b8810c210991617bbb61edfbbbba7b68c760144128b1bb05d89890e04c06 | Triage

Resubmissions

13-01-2023 23:34

230113-3kgfkaeh65 10

13-01-2023 23:32

230113-3jkrlaag4w 1

13-01-2023 23:13

230113-27ve9sef94 10

Sharing

General

Target

ae9a91bbedca1d0a1b94ceaa7ace9eb4-sample.zip
Size

487KB
Sample

230113-3kgfkaeh65
MD5

2515fb03e1acc0b648d7aa72e8022479
SHA1

b9a0ce579f36aa0867dc3de83ede27828d694581
SHA256

52a6b8810c210991617bbb61edfbbbba7b68c760144128b1bb05d89890e04c06
SHA512

9b49aef6a76d73260d84da14149df70bc197ba060f1f89db62c3172b93af4232175b5980230a84eef3a2b144a2db3c5f5c7ec5e156bc2fbc184379fcc7cdc534
SSDEEP

12288:c9qKj1uujNl86BROAuThdNxtqi7PMNC8C5nmz:hu5e6BsHT3NxtqukNHAmz

Score

10^/10

icedid 3146401099 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3146401099

C2

trbiriumpa.com

Targets

- Target
  
  DocumentScan_12-23#122.html
- Size
  
  646KB
- MD5
  
  a63b4b055759b39d74b8e3650e251b70
- SHA1
  
  be9a4c65245aece4c26210395cc0472a86ae8c27
- SHA256
  
  0566ca0f99c573cc121e20ef7c95384ad8cf49268ade581041e077e5ebf89d74
- SHA512
  
  31c3fd076dfa8e976c3602574ab2a623471399cd7211cbc2618cb66eecf5344a6f3f15d6fafa0412dfaf85034b30cb073ee774d24836384e413ba6e9adfefcce
- SSDEEP
  
  12288:Ff7Zg0rMUUsvb6g51o0P20o3RcrBgDxQ28ZuGe+VmVWVQoAK3Yx3JSxcYq:h7Z3rOsvXor0w+8IHfc5SU
Score

10^/10

icedid 3146401099 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

icedid3146401099bankerloadertrojan