icedid | 25b6e2be767d85f668b15e3acee6076a7e74f12128ec067775c6ec24e0707c4b | Triage

Sharing

General

Target

Unpaid_March_17.zip
Size

5KB
Sample

230318-gzwyxade5t
MD5

53dd748c8c29676cc2f31dc41545c162
SHA1

e612c4e24e0416db9c61623a37c0ea0b5bc7056e
SHA256

25b6e2be767d85f668b15e3acee6076a7e74f12128ec067775c6ec24e0707c4b
SHA512

be2d8901367801b9672edd4ba13222f24eee897230e217b7053ad65125f899bfa6bda8f2abb5d10688c3d5c72ed8d3915bf414831e5b0fce201bbfadb080d778
SSDEEP

96:HZt2VvWEe9ol6HBFbdNdC17+rwDo1vKZvew5TZxClXlVPFbWvJ0kL:H2G957e+rw0YNlEPqTL

Score

10^/10

icedid 946873669 banker loader trojan

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://conalom.top/gatef1.php

Extracted

Family

icedid

Campaign

946873669

C2

umoxlopator.com

Targets

- Target
  
  Unpaid_03_17_Copy#82.js
- Size
  
  12KB
- MD5
  
  bef0e81b04fdf1c19a5c7fee8e1974e4
- SHA1
  
  956020f277d64abfe742ba8687853f6fc5052689
- SHA256
  
  f1481a3f86cdaee1e707bb93e26adedf3bb7665ed840431c6c1c473a41e9fa67
- SHA512
  
  940d4629db1a91d292c8537cad16b16bc04ac3b2f28f3dcf2eeba7910b22b841d4ec815f66a88c82e9258dff04ea8bcd13626752a063ef313416c0f9a6404d2c
- SSDEEP
  
  192:zm0KUNutRNkR3aEfiHEiAuaWF3Kc0medXPcNjPnqUOR6n6m2Kj:z4UNu3NIaXEifRKc08Nj/rjF
Score

10^/10

icedid 946873669 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

icedid946873669bankerloadertrojan

behavioral2

icedid946873669bankerloadertrojan