icedid | c2069a4a7d426a5063d1dffa812bb1d658e2332a9f392013b5fec4abb702323e | Triage

Sharing

General

Target

spellx64.tmp.zip
Size

460KB
Sample

230412-1dj7rsgh3t
MD5

1095f4064c5b77a70384e5914b93771c
SHA1

9bb122df8224e25995f8caf4381a75b8cc316efa
SHA256

c2069a4a7d426a5063d1dffa812bb1d658e2332a9f392013b5fec4abb702323e
SHA512

9c9232b5f2e7bb6c3d07412699f882eb8de08a66e1c9e2adfdd36c800c2b9614021848170dfc8537f992d784a32c0ee778e5969bb445c9ee695157601541de72
SSDEEP

12288:yYG1+qyhZg8gHHoWqYq4J4nSVL29Mh6TSg:yHyL4HoWzJ4n89kL

Score

10^/10

icedid 996387740 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

996387740

C2

troffyfrutlot.com

askamoshopsi.com

Attributes

auth_var
11
url_path
/news/

Targets

- Target
  
  run.bat
- Size
  
  53B
- MD5
  
  f44526f2bbdc636f790e4be88742f044
- SHA1
  
  5f3908756adf6ad2d4aa7e9b7993891043c41b61
- SHA256
  
  b4e70f1e550631e7c19df528acb8ec267e26520637c86aa9976c8337d07b3ab6
- SHA512
  
  80b88cdd2815803770e9713af3fc65a436fad3afa340b25a03712808af27e36c00dd79f419cdc422a142c6106fd64d27ab6f8f7cde622b5e9232921a3b1efeae
Score

10^/10

icedid 996387740 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2
- Target
  
  spellx64.tmp
- Size
  
  235KB
- MD5
  
  81e9e69f45fed15df6ecc459e6cb5159
- SHA1
  
  6dd510a073197af946c1d5848dfb256288229a9e
- SHA256
  
  54802dfe4d6649595cff08b24ba12a79556db99188fcc6a467d9b82d4307af00
- SHA512
  
  3b1e4ba925106f3e71a37dddc7905a7d218a80e061ddba34144693d0e9de5b65cc82434e23f03d6e4673978d6d31e46a272323d6d8f4c22a14a5dec4f8d29e6a
- SSDEEP
  
  6144:jtjTQl3Tn4zZZDRuptdPTcfm8ppOuJC8DRv/ni/sBB8yUB:jtjkWzZZQptdPTKpcucO
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid996387740bankercore_loadertrojan

behavioral2

icedid996387740bankercore_loadertrojan

behavioral3

behavioral4