icedid | ef80d34f4f1f4ff1d809848a3dc59f489ba8321f7835ba63760c1a44c0869c6b | Triage

Sharing

General

Target

Request_980387_March_16.js
Size

11KB
Sample

230316-wl4h6aee2v
MD5

f7620e8393de1892407a64fd6c4fb37e
SHA1

27a75e63ca29e149d206e2b7649355d4663af36e
SHA256

ef80d34f4f1f4ff1d809848a3dc59f489ba8321f7835ba63760c1a44c0869c6b
SHA512

989965670351d5104b5d60386b8624ddf95d8ad36400eed35e639c4561e7a558c42501cc346028c9c20a8538d286b6cfb21fd7840d9a7142719a7db756934fd0
SSDEEP

192:0uX4cOkYAxdB2sBIiRsJRhI21/CG/E25k2tc6aqhJfSjW9uavQcLtRyUlml8naKM:1pOsdB24hajhspN2ebqhtSqrLmamliM

Score

10^/10

icedid 2171387498 banker loader trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://aproshak.top/gatef1.php

Extracted

Family

icedid

Campaign

2171387498

C2

avroralikhaem.com

Targets

- Target
  
  Request_980387_March_16.js
- Size
  
  11KB
- MD5
  
  f7620e8393de1892407a64fd6c4fb37e
- SHA1
  
  27a75e63ca29e149d206e2b7649355d4663af36e
- SHA256
  
  ef80d34f4f1f4ff1d809848a3dc59f489ba8321f7835ba63760c1a44c0869c6b
- SHA512
  
  989965670351d5104b5d60386b8624ddf95d8ad36400eed35e639c4561e7a558c42501cc346028c9c20a8538d286b6cfb21fd7840d9a7142719a7db756934fd0
- SSDEEP
  
  192:0uX4cOkYAxdB2sBIiRsJRhI21/CG/E25k2tc6aqhJfSjW9uavQcLtRyUlml8naKM:1pOsdB24hajhspN2ebqhtSqrLmamliM
Score

10^/10

icedid 2171387498 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid2171387498bankerloadertrojan

behavioral2

icedid2171387498bankerloadertrojan