icedid | 045bf7ea6ea419f43ef8cba44dffb9727e205f1b983f418acc655e66b2de8c1d | Triage

Resubmissions

17/07/2023, 10:29

230717-mh8t2aca5s 10

14/05/2023, 09:58

230514-lzglfabe43 10

Sharing

General

Target

045bf7ea6ea419f43ef8cba44dffb9727e205f1b983f418acc655e66b2de8c1d.exe
Size

606KB
Sample

230717-mh8t2aca5s
MD5

1390522ffab99c828865258eb7a6aa8c
SHA1

cc2da386b0bca123c7fe5b7568ca69644ffaf947
SHA256

045bf7ea6ea419f43ef8cba44dffb9727e205f1b983f418acc655e66b2de8c1d
SHA512

0dfd1403bf1ac506ceac717c1051375687dd9730c77889e118583160a4168e7a24437109c59a356c961ff4098a1c5a92f1d1add8ab309b30621cae6e3a5119cb
SSDEEP

12288:ylOUH52LLvBH1f4SZ/USfXPiu1+3JxMnsBzXT80ZqC:ylOUH52LdH1gSlUsp+3XMuv8

Score

10^/10

icedid 997059431 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

997059431

C2

gintoonafa.com

Targets

- Target
  
  045bf7ea6ea419f43ef8cba44dffb9727e205f1b983f418acc655e66b2de8c1d.exe
- Size
  
  606KB
- MD5
  
  1390522ffab99c828865258eb7a6aa8c
- SHA1
  
  cc2da386b0bca123c7fe5b7568ca69644ffaf947
- SHA256
  
  045bf7ea6ea419f43ef8cba44dffb9727e205f1b983f418acc655e66b2de8c1d
- SHA512
  
  0dfd1403bf1ac506ceac717c1051375687dd9730c77889e118583160a4168e7a24437109c59a356c961ff4098a1c5a92f1d1add8ab309b30621cae6e3a5119cb
- SSDEEP
  
  12288:ylOUH52LLvBH1f4SZ/USfXPiu1+3JxMnsBzXT80ZqC:ylOUH52LdH1gSlUsp+3XMuv8
Score

10^/10

icedid 997059431 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid997059431bankerloadertrojan

behavioral2

icedid997059431bankerloadertrojan