icedid | c1ef40e8ab20ce2ae541a4b2a21de4ccedd94a212d049b39ea392959cecb0106 | Triage

Sharing

General

Target

c1ef40e8ab20ce2ae541a4b2a21de4ccedd94a212d049b39ea392959cecb0106_JC.vbs
Size

1012KB
Sample

231012-xzqpwsaf6s
MD5

76461b5f5b53971ee56faeb25cdcd9af
SHA1

cde5434ed5f46e711c9c2a30ce195e3c8cc7d590
SHA256

c1ef40e8ab20ce2ae541a4b2a21de4ccedd94a212d049b39ea392959cecb0106
SHA512

ac45584da5b4fdc326d642e10ed2328bc804291999ebe7a23bd6ae378389abb42676f6a90f863ae3fef17f783e347dfe74a2eef12ef6e24e002559fb43bdd10f
SSDEEP

6144:HoyDeQWPJ80bynilzMLwDaHhyvHr82Vqx+DBtBukOTWa1s/zGup+9n0Ixpfj3tla:jxTMW74c2BtUhm0ZL9O/jTLb/cXo/

Score

10^/10

icedid 361893872 banker trojan

Malware Config

Extracted

Family

icedid

Campaign

361893872

Targets

- Target
  
  c1ef40e8ab20ce2ae541a4b2a21de4ccedd94a212d049b39ea392959cecb0106_JC.vbs
- Size
  
  1012KB
- MD5
  
  76461b5f5b53971ee56faeb25cdcd9af
- SHA1
  
  cde5434ed5f46e711c9c2a30ce195e3c8cc7d590
- SHA256
  
  c1ef40e8ab20ce2ae541a4b2a21de4ccedd94a212d049b39ea392959cecb0106
- SHA512
  
  ac45584da5b4fdc326d642e10ed2328bc804291999ebe7a23bd6ae378389abb42676f6a90f863ae3fef17f783e347dfe74a2eef12ef6e24e002559fb43bdd10f
- SSDEEP
  
  6144:HoyDeQWPJ80bynilzMLwDaHhyvHr82Vqx+DBtBukOTWa1s/zGup+9n0Ixpfj3tla:jxTMW74c2BtUhm0ZL9O/jTLb/cXo/
Score

10^/10

icedid 361893872 banker trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid361893872bankertrojan

behavioral2

icedid361893872bankertrojan