icedid | 02e4d08f6b3a5bb50d2a9d072cfc4bdf772a18b6be26840e0bd80bf2c7aadbd6 | Triage

Sharing

General

Target

tongue.dat.zip
Size

726KB
Sample

230330-s2mzkaef9s
MD5

0160d1c5d3c4fd731b4094665a34a614
SHA1

4c36fa451d65fbb59e6cf3588955efd29dbd9587
SHA256

02e4d08f6b3a5bb50d2a9d072cfc4bdf772a18b6be26840e0bd80bf2c7aadbd6
SHA512

0a67c5e94ff1c365eeeb19b7b5081f1b69a6c2c93ff89de63b66fe388cb1b23708f280541d5399746cf8aa5014eab62299a539f2823b90c67cf0144e647b6459
SSDEEP

12288:hlP1w8z4zp/TlkBU9/TbrAFsLmaQ5TbNse2gy67iflXcckOZSPKeFIi638kr/MIb:V9ArlkWbrAMqThse2ge9XcckdPBOi631

Score

10^/10

icedid 2941939166 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

2941939166

C2

neaachar.com

gyxplonto.com

Attributes

auth_var
11
url_path
/news/

Targets

- Target
  
  run.bat
- Size
  
  51B
- MD5
  
  12fe58c575846da3818d55007ca93ccc
- SHA1
  
  ae26400e4e80576d654bdb805bc22dc01145b64e
- SHA256
  
  09105de99bf4654a5d3b30ff3fd60839e630f04e1d816303d93d83bae77ecf07
- SHA512
  
  d568928b3a38632f67768c13b25f1d3fd4f2300d4411892c9135ff5c58bf073c10cd6bebb8edb272248fc9f18daf270534bc87fa9932af53c5d75d1c36c3afa8
Score

10^/10

icedid 2941939166 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2
- Target
  
  tongue.dat
- Size
  
  652KB
- MD5
  
  593798127b998f4c0c964993c4777f43
- SHA1
  
  abbc64497161a0d75a6da838690499a35f84905a
- SHA256
  
  5b4de15ef1c7d59e01a19d68eefe17c8675ae374747abf3954f58a75e72c47aa
- SHA512
  
  4090d8d2f3e93a40b670a2f2d315e063ee608c46d1cd28c4d420eb057fb5437e1ab73910ca1012e8f464743affc53f060c671e6f64a5a8da006b376d1d6322d6
- SSDEEP
  
  12288:YhjtdIswfXcLrxDrEjks0GJfmIdz2e5IyrmWVjh3Sj09QJlRik:YhjtdwulDYDBXp2AAkjh3ilRik
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid2941939166bankercore_loadertrojan

behavioral2

icedid2941939166bankercore_loadertrojan

behavioral3

behavioral4