icedid | fd6bab35a50fe31eaa9c8ab86e61786c79a7b23dd447610ba1a9617e8267acbd | Triage

Sharing

General

Target

Document_08_22_83358.js
Size

32KB
Sample

230822-yn6seage7v
MD5

b94169d7fcf7fb3ce08fa95e4676da37
SHA1

f389244207b1f9804ea386586413c3fb84cb4e21
SHA256

fd6bab35a50fe31eaa9c8ab86e61786c79a7b23dd447610ba1a9617e8267acbd
SHA512

cbb56626ffe274fb4a1df0ead028800201b1910279f9581bd0503db7f42ed85b8b9006961d2f8ed01ea2d847097625f123d1244cea236204ecf28064a7208540
SSDEEP

384:0gjih/zrnbNun0FJBEZyyZHVjv2AgpZyJpszYWk7Pqo5Vze4Cll6aogReLyxcB19:BiAs2ck2UskWe75AVdMt+kj68VrrAhwt

Score

10^/10

icedid 4089554921 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

4089554921

C2

manderatapple.com

Targets

- Target
  
  Document_08_22_83358.js
- Size
  
  32KB
- MD5
  
  b94169d7fcf7fb3ce08fa95e4676da37
- SHA1
  
  f389244207b1f9804ea386586413c3fb84cb4e21
- SHA256
  
  fd6bab35a50fe31eaa9c8ab86e61786c79a7b23dd447610ba1a9617e8267acbd
- SHA512
  
  cbb56626ffe274fb4a1df0ead028800201b1910279f9581bd0503db7f42ed85b8b9006961d2f8ed01ea2d847097625f123d1244cea236204ecf28064a7208540
- SSDEEP
  
  384:0gjih/zrnbNun0FJBEZyyZHVjv2AgpZyJpszYWk7Pqo5Vze4Cll6aogReLyxcB19:BiAs2ck2UskWe75AVdMt+kj68VrrAhwt
Score

10^/10

icedid 4089554921 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

icedid4089554921bankerloadertrojan