icedid | fbb09d953c06b75882193e0b4916e8df7f39e5f9591dca2d621c9670a1b3c4f7 | Triage

Resubmissions

06-02-2023 19:19

230206-x1rnksag2x 10

06-02-2023 19:07

230206-xsxvmafd69 1

Sharing

General

Target

IcedID.DAT
Size

310KB
Sample

230206-x1rnksag2x
MD5

c15f522222532867ad56db6def0b7ab0
SHA1

5556431bbd2fc48cb04a7e34ec037ddf5fb73de2
SHA256

fbb09d953c06b75882193e0b4916e8df7f39e5f9591dca2d621c9670a1b3c4f7
SHA512

85c557011e006ff7145085fdd63c92cacc70d06f26d11c6e0cbe4fdfdbb88f7a8bd3a02836c322fc79e6da38a857df776290444cddb4cab9ca1faa5ab0829945
SSDEEP

6144:bU7KTvQXacSovAunJ6dHbCVZlWXYqvEYsZN6b7UMMPr+6O3bB92o:bUOglSAJ6dHbyZlWXYqvmZ0b7Um6MB9V

Score

10^/10

icedid 1164203100 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1164203100

C2

blodwarstayed.com

Targets

- Target
  
  IcedID.DAT
- Size
  
  310KB
- MD5
  
  c15f522222532867ad56db6def0b7ab0
- SHA1
  
  5556431bbd2fc48cb04a7e34ec037ddf5fb73de2
- SHA256
  
  fbb09d953c06b75882193e0b4916e8df7f39e5f9591dca2d621c9670a1b3c4f7
- SHA512
  
  85c557011e006ff7145085fdd63c92cacc70d06f26d11c6e0cbe4fdfdbb88f7a8bd3a02836c322fc79e6da38a857df776290444cddb4cab9ca1faa5ab0829945
- SSDEEP
  
  6144:bU7KTvQXacSovAunJ6dHbCVZlWXYqvEYsZN6b7UMMPr+6O3bB92o:bUOglSAJ6dHbyZlWXYqvmZ0b7Um6MB9V
Score

10^/10

icedid 1164203100 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid1164203100bankerloadertrojan

behavioral2

icedid1164203100bankerloadertrojan