icedid | 65104ebfa4ced4810c1777b0bc991466b762fd3ac2acdcfd7104feb76fb1d093 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Document_3243_(Feb10).zip
Size

1.0MB
Sample

230210-yya4gsad6w
MD5

804ad18ac5a734c607015e9bacd68404
SHA1

c55e0c02952e4e64bd1edf5b712dfa5c1ba42974
SHA256

65104ebfa4ced4810c1777b0bc991466b762fd3ac2acdcfd7104feb76fb1d093
SHA512

c68f4663a0ab73bd0190f584dcb0f5d93de9f2e676b9a1c005301c45a3b5f47f15a9f00c50962ca629bbab899cd5556e2bcab595c451e1a52315f540ccd1962d
SSDEEP

3072:hLnsom5D/NI92pzNRlrl/BgjEBvjGK26e2Ly4qJo5sjQoEFrvb0kTnUmoh:hsoqRIkNXrcEBbGH6dykoArz/jUmS

Score

10^/10

icedid 3227791210 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3227791210

C2

staringgeipod.com

Targets

- Target
  
  Document_3243_(Feb10).exe
- Size
  
  705.5MB
- MD5
  
  104e4f8c105ba8b25e37ac57c278e409
- SHA1
  
  ed25172f9290f11c1efdfc94b4893fa04068e7ce
- SHA256
  
  49af8e57c45fa8fd5da9854e11c4ae5adae58eca64354be68d274d421b2b4164
- SHA512
  
  ef569457243373f5d2e1be0310dee440322a209edcf2a756f770d333bc88a11403393873a7f87df05caf0099074e772011eca84133312cedc5b30b812f886423
- SSDEEP
  
  6144:2zoqFM6Bvl/6SreaG9j8Sxu1KNT7bTy9u0sx5cqvuS3tPUj/oht0dznm4ZbGk:NOM6BZKaGV8Sxptysdcof0dzN
Score

10^/10

icedid 3227791210 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid3227791210bankerloadertrojan

behavioral2