icedid | ac99aa6b0162d71f33b1e9b286e9d0ed899ab449ac29040e494c4fb4b9b87d4d | Triage

Sharing

General

Target

convert-pdf-691.js
Size

44KB
Sample

230913-ml1mtsbc9w
MD5

baab807d9799ba81b6cf672d75af688a
SHA1

5a6ebb01034e9ab3b719db948db259fe2fa2e84f
SHA256

ac99aa6b0162d71f33b1e9b286e9d0ed899ab449ac29040e494c4fb4b9b87d4d
SHA512

b06019d06c4945bf62ab2a8116b495d19e3fd95693550a66fa9304b3e193c04b3a4ed4e5b29123e42ab2aff4074f52d10709de5890ec1497c295dfc71e109c57
SSDEEP

384:/2eY5d0Bp7w2l/uYvxsDxb9Q5tbauRFvSefk1EK4s0QDQZWifIPguWYvLETAMg61:uTC3l2yDSef6EMveZgP8UJq58z293l

Score

10^/10

icedid 909843654 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

909843654

C2

restohalto.site

Targets

- Target
  
  convert-pdf-691.js
- Size
  
  44KB
- MD5
  
  baab807d9799ba81b6cf672d75af688a
- SHA1
  
  5a6ebb01034e9ab3b719db948db259fe2fa2e84f
- SHA256
  
  ac99aa6b0162d71f33b1e9b286e9d0ed899ab449ac29040e494c4fb4b9b87d4d
- SHA512
  
  b06019d06c4945bf62ab2a8116b495d19e3fd95693550a66fa9304b3e193c04b3a4ed4e5b29123e42ab2aff4074f52d10709de5890ec1497c295dfc71e109c57
- SSDEEP
  
  384:/2eY5d0Bp7w2l/uYvxsDxb9Q5tbauRFvSefk1EK4s0QDQZWifIPguWYvLETAMg61:uTC3l2yDSef6EMveZgP8UJq58z293l
Score

10^/10

icedid 909843654 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

icedid909843654bankerloadertrojan