icedid | 25b6e2be767d85f668b15e3acee6076a7e74f12128ec067775c6ec24e0707c4b | Triage

Sharing

General

Target

Unpaid_March_17.zip
Size

5KB
Sample

230318-gzwyxade5t
MD5

53dd748c8c29676cc2f31dc41545c162
SHA1

e612c4e24e0416db9c61623a37c0ea0b5bc7056e
SHA256

25b6e2be767d85f668b15e3acee6076a7e74f12128ec067775c6ec24e0707c4b
SHA512

be2d8901367801b9672edd4ba13222f24eee897230e217b7053ad65125f899bfa6bda8f2abb5d10688c3d5c72ed8d3915bf414831e5b0fce201bbfadb080d778
SSDEEP

96:HZt2VvWEe9ol6HBFbdNdC17+rwDo1vKZvew5TZxClXlVPFbWvJ0kL:H2G957e+rw0YNlEPqTL

Score

10^/10

icedid 946873669 banker loader trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://conalom.top/gatef1.php

Extracted

Family

icedid

Campaign

946873669

C2

umoxlopator.com

Targets

- Target
  
  Unpaid_03_17_Copy#82.js
- Size
  
  12KB
- MD5
  
  bef0e81b04fdf1c19a5c7fee8e1974e4
- SHA1
  
  956020f277d64abfe742ba8687853f6fc5052689
- SHA256
  
  f1481a3f86cdaee1e707bb93e26adedf3bb7665ed840431c6c1c473a41e9fa67
- SHA512
  
  940d4629db1a91d292c8537cad16b16bc04ac3b2f28f3dcf2eeba7910b22b841d4ec815f66a88c82e9258dff04ea8bcd13626752a063ef313416c0f9a6404d2c
- SSDEEP
  
  192:zm0KUNutRNkR3aEfiHEiAuaWF3Kc0medXPcNjPnqUOR6n6m2Kj:z4UNu3NIaXEifRKc08Nj/rjF
Score

10^/10

icedid 946873669 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid946873669bankerloadertrojan

behavioral2

icedid946873669bankerloadertrojan