icedid | d506c154b70c0a3b8af90986c24a26ba5eebc79edcc8c9770c440f1a8ccb7273 | Triage

Sharing

General

Target

custom64.tmp.zip
Size

455KB
Sample

230316-y2tp1acf83
MD5

c1864b6262bc30b7f0885c0d01213826
SHA1

ce3a8600bdafe7fa67436d5e95cac8d588118ddf
SHA256

d506c154b70c0a3b8af90986c24a26ba5eebc79edcc8c9770c440f1a8ccb7273
SHA512

4b9ead213724315d9f9a45807174df76c8aef951efc4e736b35f0ef69d7312227c63638d9f7d248f2027d364caf53745a6ea8295663314166f7a3391bb79a14b
SSDEEP

12288:zlP1w8z4zp/TlkBU9/TbrAFsLmaQ5TbNse2gyO2EAxRE2C+us:b9ArlkWbrAMqThse27EpB+us

Score

10^/10

icedid 998075300 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

998075300

C2

alishaskainz.com

villageskaier.com

Attributes

auth_var
38
url_path
/news/

Targets

- Target
  
  custom64.tmp
- Size
  
  207KB
- MD5
  
  c8f7720e945008e04493ea699cbaa85d
- SHA1
  
  86734b4b6225c74a873fa5d05499ffd789555dcd
- SHA256
  
  2b12310f63f340b03b5f3733ec0d58da68e3b21b1354b09968c719cb9a186c44
- SHA512
  
  b20d1a0a49f3ee5bf055d5bac6b5fe87dff5dc19cc3d15a0ea33149422f73cf85a1b1e73205af6b869ff41c2a1f5370a9b739b68fef222352c5ddcc0b098234a
- SSDEEP
  
  3072:Itg8fg2Dt5+XMtG7vAdHY+a46hQffi3KRmOssy0JIFw+tOHFZk:t842L+cg7vAHQ46hIa3KLI/u
Score

1^/10
behavioral1 behavioral2
- Target
  
  run.bat
- Size
  
  53B
- MD5
  
  a45a7559ecb0911fe1c6c96d49b4dfa3
- SHA1
  
  e181510c21f2d7b596da2b50a0c7e2b66bf97423
- SHA256
  
  a741232d4c960155a201fec2383f094c5967f1d883592d7b3d01a830fa3eda58
- SHA512
  
  0a48070e063bd979147185de92ab3275c78c551ed4377b96269980e9da288bbefe015e75f449e7fa34123fd3fa4f2ca098128934baf433a99b972836607ca541
Score

10^/10

icedid 998075300 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid998075300bankercore_loadertrojan

behavioral4

icedid998075300bankercore_loadertrojan