icedid | 2b1b70620d094715aa5a2fae87d2d3e5b33d845ebd525f86a8a6869d0ffd462b | Triage

Sharing

General

Target

spellx64.tmp.zip
Size

460KB
Sample

230413-q48myabg87
MD5

28ead1779b72cf7ef10aa2cdb6c2e465
SHA1

cfc4c688f4293689eb646324460b8699e8bb7739
SHA256

2b1b70620d094715aa5a2fae87d2d3e5b33d845ebd525f86a8a6869d0ffd462b
SHA512

5a68cfc0999deffc97f12ea25422848f4df8fff5125521a64d00cfde9b61a7542b2a89766765a4b87a2bb6b78a7112f8bf7fe89e188e832d7746d05ac114218b
SSDEEP

12288:zYG1+qyYZg8gHHoWqYq4J4nSVL29Mh6TSO:zHya4HoWzJ4n89k1

Score

10^/10

icedid 996387740 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

996387740

C2

troffyfrutlot.com

askamoshopsi.com

Attributes

auth_var
11
url_path
/news/

Targets

- Target
  
  run.bat
- Size
  
  53B
- MD5
  
  f44526f2bbdc636f790e4be88742f044
- SHA1
  
  5f3908756adf6ad2d4aa7e9b7993891043c41b61
- SHA256
  
  b4e70f1e550631e7c19df528acb8ec267e26520637c86aa9976c8337d07b3ab6
- SHA512
  
  80b88cdd2815803770e9713af3fc65a436fad3afa340b25a03712808af27e36c00dd79f419cdc422a142c6106fd64d27ab6f8f7cde622b5e9232921a3b1efeae
Score

10^/10

icedid 996387740 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2
- Target
  
  spellx64.tmp
- Size
  
  235KB
- MD5
  
  81e9e69f45fed15df6ecc459e6cb5159
- SHA1
  
  6dd510a073197af946c1d5848dfb256288229a9e
- SHA256
  
  54802dfe4d6649595cff08b24ba12a79556db99188fcc6a467d9b82d4307af00
- SHA512
  
  3b1e4ba925106f3e71a37dddc7905a7d218a80e061ddba34144693d0e9de5b65cc82434e23f03d6e4673978d6d31e46a272323d6d8f4c22a14a5dec4f8d29e6a
- SSDEEP
  
  6144:jtjTQl3Tn4zZZDRuptdPTcfm8ppOuJC8DRv/ni/sBB8yUB:jtjkWzZZQptdPTKpcucO
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid996387740bankercore_loadertrojan

behavioral2

icedid996387740bankercore_loadertrojan

behavioral3

behavioral4