icedid | 5712de8ced9e5624c0ecd193c678727fafeaa53debdbf2fa79b12a515d900c10 | Triage

Sharing

General

Target

guitar-.tmp.zip
Size

428KB
Sample

230411-q3wa8aed5v
MD5

af4c6f9959ff073744477e071afb7cfe
SHA1

afa0df607c1926b05b666674ab0f913ef89487d5
SHA256

5712de8ced9e5624c0ecd193c678727fafeaa53debdbf2fa79b12a515d900c10
SHA512

b1be17473b63c580824b703b09daed1a75d15c57117e1819e3ad8e7de2f983314198a2e44bcc7bcb8e04fca500e800c5cfb213f7bf296db75e8328e1bfb11738
SSDEEP

6144:joJ3QDJHGKGf7pmU+dRp4p20Mz/yPohHogLJp7uYqzcDNRy/JCxwOSPaVLGT59Mo:U6FGKSZg8gHHoWqYq4J4nSVL29Mh6TSc

Score

10^/10

icedid 998075300 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

998075300

C2

alishaskainz.com

villageskaier.com

Attributes

auth_var
55
url_path
/news/

Targets

- Target
  
  guitar-.tmp
- Size
  
  173KB
- MD5
  
  e039ce79e3a9d650806825d71645ab0a
- SHA1
  
  1f601dcdba03cc3d55549b4dfb54ebd0438ea527
- SHA256
  
  fb648c38dde52c658e84887971a4d43430c31c0efedc34d4fda59679a57aa27e
- SHA512
  
  f3dba586f4cc7c6df174e36cef171cf6cd3e8c6ae9ae84ad731b10673ef045174e73cc1bb0b99510aba137d87dce7c2385e2da54b287c0f9aceda56343a05ead
- SSDEEP
  
  3072:FV2WglkAu1fn9Tb88lIAZAvYQl1YXJNi9Tr67YlxSz73CUQskVD1lThqfFiz2Ecj:FV2WglkAu1fn9Tb88OAZAPlQi9TrPfSJ
Score

3^/10
behavioral1 behavioral2
- Target
  
  run.bat
- Size
  
  52B
- MD5
  
  f48c6ca166cd1c784456253696146bea
- SHA1
  
  82bc0c4435b0ff1d7dbd271b67713db81a529ec1
- SHA256
  
  7c4167678967ec80002a8a841f79e652c1302f18061cf360814a2f573811061d
- SHA512
  
  d11abf6e813989b4b1b6815b207b91082950090297a380efe2d9d3c20433f256719850dad72007a1788dcb333b3dd0f8828cd0cce2c0d0cea5fb65b2cf2129e5
Score

10^/10

icedid 998075300 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid998075300bankercore_loadertrojan

behavioral4

icedid998075300bankercore_loadertrojan