icedid | ac32c32a9367fd405d2d8978dbad69c47d5e18681feeb5fe85ec44a801793533 | Triage

Sharing

General

Target

MalSample.rar
Size

456KB
Sample

230413-qb69each7t
MD5

8132c191cd60dd59fb226de8d30c506a
SHA1

c45cc017a2a079da871cc67aabed6ac7c6b0f753
SHA256

ac32c32a9367fd405d2d8978dbad69c47d5e18681feeb5fe85ec44a801793533
SHA512

36fb1b2649e369ae456086ae358d11e8dc75d0c38b0988a37ee3b6531007d8ea3932fb8f50aaf46c997cd460a3e70a62ea3a3f044f6dea69749a4d63f7ffe94a
SSDEEP

12288:n14wgDHoEAYqmD47SrLy9M16TSsU6z0sttN:1yHoEhD47UBQdUAntN

Score

10^/10

icedid 998075300 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

998075300

C2

alishaskainz.com

villageskaier.com

Attributes

auth_var
56
url_path
/news/

Targets

- Target
  
  opsuwp.dll
- Size
  
  285KB
- MD5
  
  9ab998c75a337aebfd1a5700edf913a1
- SHA1
  
  7dee076aa147d680bc3b032ce1fc985d86266e00
- SHA256
  
  5953f8f23092714626427316dd66ff2e160f03d2c57dcb1a4745d2e593c907ae
- SHA512
  
  626034ab533dbc8610fe4ead3ca02f74852ea825c04e5dcd29d1edef32f8fd29f36a5e777e4a1612da1f955dd912a5ec3fc38ddbf46cd4cbd0d1f8d995c4ea23
- SSDEEP
  
  6144:0M7fzNyxW2+E6jz98fTa628qFGMReiDJnD5K:0xW2N6GfiVGSz
Score

10^/10

icedid 998075300 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

icedid998075300bankercore_loadertrojan

behavioral2

icedid998075300bankercore_loadertrojan