icedid | 0ea960266d24cb7702ddc737b839131e61e3cfbd54ac2c89dc64682b4385242a | Triage

Sharing

General

Target

useful32.dat.zip
Size

520KB
Sample

230315-tdqwzseb43
MD5

4d7ccc813699bd06e185dcc220612c87
SHA1

23f87a9496a10f93e94c90c017b472e0e62ca0f6
SHA256

0ea960266d24cb7702ddc737b839131e61e3cfbd54ac2c89dc64682b4385242a
SHA512

98822c85dc3baa7d8505b818d9e35b830414c377ef6894a2bca850c82f55b494647e22efa402cf0872ea0a061ce447cf5a80ee9de14ee9f4f75f20f4e348570c
SSDEEP

12288:blP1w8z4zp/TlkBU9/TbrAFsLmaQ5TbNse2gyiqAPnu+zno:z9ArlkWbrAMqThse2EFzo

Score

10^/10

icedid 998075300 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

998075300

C2

alishaskainz.com

akermonixalif.com

Attributes

auth_var
37
url_path
/news/

Targets

- Target
  
  run.bat
- Size
  
  53B
- MD5
  
  02c5930c43d77807146b46ad8bd59f30
- SHA1
  
  c8b0b45f158950274d3f731ef7317c5c1c201f25
- SHA256
  
  7263d6cbae7e20a977c6c4d1fdf39739f4b9e99bcbcd1a48c295a8401f90f66b
- SHA512
  
  02ebb2565bcc3711296ca7b0274e5b7d9e5f7ff7f4a9ad86a592564d533a499bbdd44d81f0091bb4e82da8f11115c066076ccdb74167e1bbc7c1f73724898bf9
Score

10^/10

icedid 998075300 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2
- Target
  
  useful32.dat
- Size
  
  368KB
- MD5
  
  be4bd5a1cc53211d6c4aa4d788f6c37f
- SHA1
  
  4903442380da9c2899c5dd234b8680748bbda15c
- SHA256
  
  d4e4f398d5569e14962a03073bd9424d8af28635ffd4377276b5bb9f5b86422e
- SHA512
  
  c362d0caf09b04634fcc1af1bb8124257a930208337240d72bf784c35552d0b660aa49913ef6ad356ed3274e9dfee092e39f7b0661353852afd061b6623e69b1
- SSDEEP
  
  6144:HI+QWLzCll9xQXbJ2740Za/Q6hJFl/q+LT54k5:HP1zCb9xQXbJCfx6hPdKk
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid998075300bankercore_loadertrojan

behavioral2

icedid998075300bankercore_loadertrojan

behavioral3

behavioral4