icedid | 3895b41b550ca122c96553429abf593561da5f37f8cb6d70d2b93d8c66d1fdcd | Triage

Sharing

General

Target

george__breath.dll
Size

679KB
Sample

230414-hwnzkaac6w
MD5

6278213a09f353332c1d1cb8cef920a1
SHA1

6ae06099b31c30f8eaee2d0e4214e78fabac7a45
SHA256

3895b41b550ca122c96553429abf593561da5f37f8cb6d70d2b93d8c66d1fdcd
SHA512

8867ad8e0ff7d9e539ebc83719c5e93a170ad9f06014661b9595ff4417cb7afd61dd0e2eecb99d6496eaf5165851e40703913508e8cea4f3f63c4e1447ddaa4a
SSDEEP

6144:bQ+yhfEfzTxhI43zNOluFa98Hrpi6GLZ/8LxpU61OHMvK8yZ9rs9:bNBPRpGLUl1OHM4bs9

Score

10^/10

icedid 2909555027 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

2909555027

C2

guversaksi.com

Targets

- Target
  
  george__breath.dll
- Size
  
  679KB
- MD5
  
  6278213a09f353332c1d1cb8cef920a1
- SHA1
  
  6ae06099b31c30f8eaee2d0e4214e78fabac7a45
- SHA256
  
  3895b41b550ca122c96553429abf593561da5f37f8cb6d70d2b93d8c66d1fdcd
- SHA512
  
  8867ad8e0ff7d9e539ebc83719c5e93a170ad9f06014661b9595ff4417cb7afd61dd0e2eecb99d6496eaf5165851e40703913508e8cea4f3f63c4e1447ddaa4a
- SSDEEP
  
  6144:bQ+yhfEfzTxhI43zNOluFa98Hrpi6GLZ/8LxpU61OHMvK8yZ9rs9:bNBPRpGLUl1OHM4bs9
Score

10^/10

icedid 2909555027 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

icedid2909555027bankerloadertrojan