icedid | ed4bddf1f6742cc28dd76fcc489e2fe1a9eb7e1eadf1ee8c2bb0a8fddc67a256 | Triage

Resubmissions

16-01-2023 18:16

230116-wwn68aba24 10

16-01-2023 18:06

230116-wp8maaeh31 3

Sharing

General

Target

p367 - Download.iso
Size

1.3MB
Sample

230116-wwn68aba24
MD5

3b00bccee19fe92fd0fd4fc431df7702
SHA1

aecef12040541ade1730e960e9aa6809803ef1cb
SHA256

ed4bddf1f6742cc28dd76fcc489e2fe1a9eb7e1eadf1ee8c2bb0a8fddc67a256
SHA512

89e1dd0489bde9b6f2ba5f8e4fdc703e683cdbd4054df67609cd7b6e1976170fa2fc3f3fe27aabf5b67bffd3aa464f89f6ba1388d16b29da07869addfafb9fa6
SSDEEP

3072:4O3mR80/ohURN3X3JKXvhuVQPSoPf1DgaibTVxC2QfRPNrNwmpPFo:4OWxohUrXoXvUkSo+aGTPwPNrh

Score

10^/10

icedid 1387823457 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1387823457

C2

allertmnemonkik.com

Targets

- Target
  
  p367 - Download.iso
- Size
  
  1.3MB
- MD5
  
  3b00bccee19fe92fd0fd4fc431df7702
- SHA1
  
  aecef12040541ade1730e960e9aa6809803ef1cb
- SHA256
  
  ed4bddf1f6742cc28dd76fcc489e2fe1a9eb7e1eadf1ee8c2bb0a8fddc67a256
- SHA512
  
  89e1dd0489bde9b6f2ba5f8e4fdc703e683cdbd4054df67609cd7b6e1976170fa2fc3f3fe27aabf5b67bffd3aa464f89f6ba1388d16b29da07869addfafb9fa6
- SSDEEP
  
  3072:4O3mR80/ohURN3X3JKXvhuVQPSoPf1DgaibTVxC2QfRPNrNwmpPFo:4OWxohUrXoXvUkSo+aGTPwPNrh
Score

10^/10

icedid 1387823457 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid1387823457bankerloadertrojan