icedid | cb5ef68d4ff35c16e61cd5f9144545938e967515398862ba35b3bc51ed2d7d9c | Triage

Sharing

General

Target

8012fc5d50095169e92680bc7d2cb392.bin
Size

464KB
Sample

230421-b62j3sfd7y
MD5

2accdaa2764aa49a3a78d4d07485b6da
SHA1

60befb11b35d74d37b7ed1ce2986f330e139bf3c
SHA256

cb5ef68d4ff35c16e61cd5f9144545938e967515398862ba35b3bc51ed2d7d9c
SHA512

293c54372166e9dae371c5cbac28d4ba9ae40df5161341d793f14b31cdfb46a9a631ef6e1f60d91b2ebd23538321bca82994732a5beb7bb342687807acf0d25e
SSDEEP

12288:xHuGtIlHEQ5XSVoA2kYsgjO9hrrwA+OXamhQ1gJcR:5yEQ5iVhUeLR+f9CcR

Score

10^/10

icedid 422998217 banker loader persistence trojan

Malware Config

Extracted

Family

icedid

Campaign

422998217

C2

skigimeetroc.com

Targets

- Target
  
  5f5f78266fddd18f3db7791b4980df2d13184de9d1c5ac39c49751e25f83ca17.exe
- Size
  
  1.1MB
- MD5
  
  8012fc5d50095169e92680bc7d2cb392
- SHA1
  
  41a34528a66e21224d9d3b36ad5e36c8534a7b2d
- SHA256
  
  5f5f78266fddd18f3db7791b4980df2d13184de9d1c5ac39c49751e25f83ca17
- SHA512
  
  c7905f765cd91b28040e65ca1cc8bc0e4eda492ae1297e8fe2c8c74d7efecb89e04ef881af7cc34ad9b269e87b09e204d8304105de56a463957ed215963c853d
- SSDEEP
  
  24576:Vtkb6a0dGxJ4H70Qa8oCHpx7Dr325d5Gsoc2mFBm:VCb6jGQ7YCnLsoc2mFBm
Score

10^/10

icedid 422998217 banker loader persistence trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Registers COM server for autorun
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid422998217bankerloaderpersistencetrojan

behavioral2

icedid422998217bankerloaderpersistencetrojan