icedid | f5c1d83115be1b4802f2ed3eea337e6df578fa441abf1cde24c00d8ddee38dae | Triage

Sharing

General

Target

awake32.tmp.zip
Size

460KB
Sample

230413-s2wayacd43
MD5

9e88a0f5f38e9551c3e3c63e2c12e87e
SHA1

469529ff7919b0c71bf04720cae9471e22dfab14
SHA256

f5c1d83115be1b4802f2ed3eea337e6df578fa441abf1cde24c00d8ddee38dae
SHA512

705ba6345bd18c8fbe769bb85cd76c1c34d6db2fe2cce41c2f427062039891dfafcd51d976c99c95ba1ea581c5afeb6f9abe9b5a7d72a8f2a279223a527894f4
SSDEEP

12288:AYxtJ95OHZg8gHHoWqYq4J4nSVL29Mh6TSd:AII54HoWzJ4n89ky

Score

10^/10

icedid 2646410796 banker core_loader trojan

Malware Config

Extracted

Family

icedid

Botnet

2646410796

C2

abigelofraj.com

yhorneedminf.com

Attributes

auth_var
16
url_path
/news/

Targets

- Target
  
  awake32.tmp
- Size
  
  235KB
- MD5
  
  586069431de993344e781ece9607b24e
- SHA1
  
  27fee626b02b60862e8a1d8ea93a681c92bd385a
- SHA256
  
  02de2d5cafef10c90d0dca658524c9a36b09cb6bd9482373f0e644393faea5da
- SHA512
  
  068b18bc7651ca23a87e585a5aa2029115fa3f9abc04d89c62cacb5f404866ac79d8823e53e1b5c56cd4dd88b03c0bca56a961a359fd872ab420223ed05f117a
- SSDEEP
  
  6144:jtjTQl3Tn4zZZDRuptdPTcfm8cpOuJC8DRv/ni/s5Xg:jtjkWzZZQptdPTKccucD
Score

3^/10
behavioral1 behavioral2
- Target
  
  run.bat
- Size
  
  52B
- MD5
  
  0d05c5d81313dc589b57df12401e6688
- SHA1
  
  44f72793d2490dc34e728450df342cbe4cbebd74
- SHA256
  
  45ea9ebc1d93a95f935a90c0d113bd85fbe7db040aaa6692b22594a669c6b973
- SHA512
  
  56e9e9e52f1db72f32bd5079500e3af3b04662c8a0e0b2e9d2b93023d260eeaab42512f7ecd76a4e8a9a318fd07471ccbbc241fb8777a98472da9ad238554a6c
Score

10^/10

icedid 2646410796 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid2646410796bankercore_loadertrojan

behavioral4

icedid2646410796bankercore_loadertrojan