icedid | 4932b4ec3237f464b6e29179dfa43adc0740d520cd115657d01d122010274e95 | Triage

Sharing

General

Target

Setup_Win_24-01-2023.zip
Size

857KB
Sample

230124-vny6saed21
MD5

5bbe9a72af4e00549058cd13e3144cc9
SHA1

15b5f5af006d4d653847c167efcd1413ccfaa7cb
SHA256

4932b4ec3237f464b6e29179dfa43adc0740d520cd115657d01d122010274e95
SHA512

c2f89b1b9f3104f06b74f6773c7b3243a33026550e07dab9c7aafe2a5e34dd3f936c603ae73057a6a81b752d7d7d9d298d0bb747ab3b7b3aba1eaaa25ca68335
SSDEEP

3072:OW0L9355ogrwncA4jyaRomjobsDkN5/Dm8Dif0/B0CtL8i96A:OW035b6cA4jBRomsbuWVLDU2aCuiZ

Score

10^/10

icedid 3324185820 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3324185820

C2

druidfenixis.com

Targets

- Target
  
  Setup_Win_24-01-2023.zip
- Size
  
  857KB
- MD5
  
  5bbe9a72af4e00549058cd13e3144cc9
- SHA1
  
  15b5f5af006d4d653847c167efcd1413ccfaa7cb
- SHA256
  
  4932b4ec3237f464b6e29179dfa43adc0740d520cd115657d01d122010274e95
- SHA512
  
  c2f89b1b9f3104f06b74f6773c7b3243a33026550e07dab9c7aafe2a5e34dd3f936c603ae73057a6a81b752d7d7d9d298d0bb747ab3b7b3aba1eaaa25ca68335
- SSDEEP
  
  3072:OW0L9355ogrwncA4jyaRomjobsDkN5/Dm8Dif0/B0CtL8i96A:OW035b6cA4jBRomsbuWVLDU2aCuiZ
Score

1^/10
behavioral1 behavioral2
- Target
  
  Setup_Win_24-01-2023_16-34-32.exe
- Size
  
  700.3MB
- MD5
  
  25bc6cd71eb39d9cc093a371e5ff73c6
- SHA1
  
  b2a97ac341732b83a073b1e02e7e57eab136b2b5
- SHA256
  
  c483b19c7700538210dffaa2d94c4076bca26725b52aeea07062472ec2508be9
- SHA512
  
  deb16ceedd95b27bf3062a95d35b19dc505619a3784a2785bd312aff451927ceaf1c82833ff0eccd96462b38503da8f5f69d4ce8e96410045963346e6fd53ab1
- SSDEEP
  
  6144:bAHUFNIhsCZaNuaG8Hya5EDZObAnvx7LzKJk3Y1e5KRXmQzFtYVKv:0UFUvxaZnaD7+JZCm
Score

10^/10

icedid 3324185820 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid3324185820bankerloadertrojan

behavioral4

icedid3324185820bankerloadertrojan