icedid | 5819449de1a53a9b42e58c2956f9c315a04a2e2fac5e12369a055ed74db70bf7 | Triage

Sharing

General

Target

whale-x32.dat.zip
Size

500KB
Sample

230316-xpbg8aef7x
MD5

31c02975040058165f0c228f1dc0252d
SHA1

a7394cfe42c912d98d7e8a330a85ef493e6e323b
SHA256

5819449de1a53a9b42e58c2956f9c315a04a2e2fac5e12369a055ed74db70bf7
SHA512

78fb95cad6931984b8a5b1bb4a3022262d77e03a413df145e96cf9c4e02f7cb83b3f09f8e1b50489cbea76e11ee985e031d1886cc3c767d2c6bdc955ed065d27
SSDEEP

12288:MlP1w8z4zp/TlkBU9/TbrAFsLmaQ5TbNse2gyjwVojV6SWmx:S9ArlkWbrAMqThse2pcok2

Score

10^/10

icedid 998075300 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

998075300

C2

alishaskainz.com

villageskaier.com

Attributes

auth_var
39
url_path
/news/

Targets

- Target
  
  run.bat
- Size
  
  54B
- MD5
  
  2c2ab565234a1f154e189b3f86c5ce8f
- SHA1
  
  7f56231ab8d62bbd501dcba759921381df38df40
- SHA256
  
  aca54eb5644ed6da4443dd496d77c4f39d0bce5b94382422f64cd727c07742e4
- SHA512
  
  6b71814e152c533b40d37eeeefe782bba758864b7fd251588530880dc4e7fa4447b8faf2356f4ff4def3373a7815981b9731952528949a37a5156c83b9492d28
Score

10^/10

icedid 998075300 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2
- Target
  
  whale-x32.dat
- Size
  
  421KB
- MD5
  
  20b30c0f6558e2418099a6b637e1bcbf
- SHA1
  
  ff85ef45fd6df57460317a56787c75ad50606d18
- SHA256
  
  2bfcc54113417a6fa37c20bcdd944d5955c13681f50a176f9b47a14206fd1744
- SHA512
  
  a0e80e2811a0d03fc28be4716f7ca16d7dcb10cb92d52bdbd452c10174ad9561a540974206beb6e23d66fcd5b2d4a23f72020dcee63e112f7ce360ca051b30eb
- SSDEEP
  
  12288:0gUuikbzjDBGGidp60AHqpKKkmFKpBDoX:euik/BGGiP
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid998075300bankercore_loadertrojan

behavioral2

icedid998075300bankercore_loadertrojan

behavioral3

behavioral4