icedid | fab34d1f0f906f64f95b9f244ae1fe090427e606a9c808c720e18e93a08ed84d | Triage

Sharing

General

Target

12102023_1143_0371-1_icedid_forked.dll
Size

328KB
Sample

231012-d9q9mada6w
MD5

bf15a998fd84bee284ae9f7422bda640
SHA1

e51217efb6e33fca9f7c5f51e5c3a4ae50499a37
SHA256

fab34d1f0f906f64f95b9f244ae1fe090427e606a9c808c720e18e93a08ed84d
SHA512

d7506cb1f7906fd9fb4a06904ed929c4cc187396e40d477b83945d7035e45f03237270abe3f6bcf8f3e6f54bb99392fc069f0582667e2bb6ad8d80f91a11f968
SSDEEP

6144:XN/F41OWGRkFtwxW6spj/JbUaeboh6EReEUHFmU8iNnAXs:X5FCOWGRayW6sAowXFmUfZ

Score

10^/10

icedid 361893872 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

361893872

Targets

- Target
  
  12102023_1143_0371-1_icedid_forked.dll
- Size
  
  328KB
- MD5
  
  bf15a998fd84bee284ae9f7422bda640
- SHA1
  
  e51217efb6e33fca9f7c5f51e5c3a4ae50499a37
- SHA256
  
  fab34d1f0f906f64f95b9f244ae1fe090427e606a9c808c720e18e93a08ed84d
- SHA512
  
  d7506cb1f7906fd9fb4a06904ed929c4cc187396e40d477b83945d7035e45f03237270abe3f6bcf8f3e6f54bb99392fc069f0582667e2bb6ad8d80f91a11f968
- SSDEEP
  
  6144:XN/F41OWGRkFtwxW6spj/JbUaeboh6EReEUHFmU8iNnAXs:X5FCOWGRayW6sAowXFmUfZ
Score

10^/10

icedid 361893872 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

icedid361893872bankertrojan

behavioral2

icedid361893872bankertrojan