icedid | 8fcc001e65fd53bd7ee288c5972ac58f4d8d12397ac6a2dd9c1aa85aa0e61235 | Triage

Sharing

General

Target

Document-755.iso
Size

1.4MB
Sample

230117-txyqyafb7t
MD5

e4c27c946ec3abf3d7ea2fd64019ccfe
SHA1

2674780c3aac37dc1a380941d6611b224aeb3edf
SHA256

8fcc001e65fd53bd7ee288c5972ac58f4d8d12397ac6a2dd9c1aa85aa0e61235
SHA512

5c3913219f800ee12d1e0543020cad602d9ebff243decd7f933e3fcbe5d7697e00b057bb3ce4a0f5a68cd7974b8276a7295e5d3457e6c1504e659d79e4d267ee
SSDEEP

6144:16sbYTf1IFpSQjAsK67TbDkJGvPiaTB00Czya:4Nf67h0JGSaTi

Score

10^/10

icedid 3074491541 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3074491541

C2

dgormiugatox.com

Targets

- Target
  
  Document-755.iso
- Size
  
  1.4MB
- MD5
  
  e4c27c946ec3abf3d7ea2fd64019ccfe
- SHA1
  
  2674780c3aac37dc1a380941d6611b224aeb3edf
- SHA256
  
  8fcc001e65fd53bd7ee288c5972ac58f4d8d12397ac6a2dd9c1aa85aa0e61235
- SHA512
  
  5c3913219f800ee12d1e0543020cad602d9ebff243decd7f933e3fcbe5d7697e00b057bb3ce4a0f5a68cd7974b8276a7295e5d3457e6c1504e659d79e4d267ee
- SSDEEP
  
  6144:16sbYTf1IFpSQjAsK67TbDkJGvPiaTB00Czya:4Nf67h0JGSaTi
Score

10^/10

icedid 3074491541 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

icedid3074491541bankerloadertrojan