icedid | 82a6d212f086dd24fc5aacb8632020f459aa64783aec9bb9a33275e5aaf58353 | Triage

Sharing

General

Target

hockey32.tmp.zip
Size

625KB
Sample

230314-xa7xwahb75
MD5

b40f0f7a372ffd0a487e173b2f3d9230
SHA1

07b4c803ac0d93bd067156d8262ae947318e6a3d
SHA256

82a6d212f086dd24fc5aacb8632020f459aa64783aec9bb9a33275e5aaf58353
SHA512

ba3b1ddffc461ca06441c466fc4b7de21524aefdb7cbeab6e84234e89f3d1211c4ad67f35930abfb4e413339c250fc2bd4c8bb45928e7989fd3c51bb766ac782
SSDEEP

12288:wlP1w8z4zp/TlkBU9/TbrAFsLmaQ5TbNse2gyxFV728zQ6gWd89dO67CtxhBSduC:29ArlkWbrAMqThse27Fp/zQ63BRhBUuC

Score

10^/10

icedid 998075300 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

998075300

C2

blomskavino.com

alishaskainz.com

Attributes

auth_var
22
url_path
/news/

Targets

- Target
  
  hockey32.tmp
- Size
  
  692KB
- MD5
  
  9a6a8a3a51646c00f889e3a1e9dd9c05
- SHA1
  
  f28332bdea24743344b1a16751b6599a4468ae65
- SHA256
  
  1c920ccbf54c6c602f86d6198cf01182e6591b8e3282597fd18db554f399ea82
- SHA512
  
  26e0a8b0b6e22c62e796d6507a83ce504641785eae1a1d3fc0eb379b102b1f86367cf3f2dfef55a8202828648a7e7cafea6b1612035bb06ed6416998604689cf
- SSDEEP
  
  12288:XikJtK2GXtJ67fgNWGfkbRjuZ3g5+VV8X:LJ1GXtJ68NWGfkbRGg5+VV8X
Score

3^/10
behavioral1 behavioral2
- Target
  
  run.bat
- Size
  
  53B
- MD5
  
  af3982e63bd6117a6da9735eaf3961c3
- SHA1
  
  81e9edb76f4dd178df7c0d79a0a1cbc875b0113f
- SHA256
  
  fb31610299ecc6455c4832c8d355b08d9cdeb57ebf3f780e376feaf6956739b8
- SHA512
  
  6d2216f375cd42ec2fa1559f487b410ba90b0514ab74c9678ef4f71d28c64444679ba45d27e11267f596ef390f881dfb1f5c6c159e53f63a16418736ee9f87fa
Score

10^/10

icedid 998075300 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid998075300bankercore_loadertrojan

behavioral4

icedid998075300bankercore_loadertrojan