icedid | 32ee3a4074bff70f212b88233f37f72796982c3e579fcdcc7c773ae5c41ae010 | Triage

Sharing

General

Target

Document_09_13_927.js
Size

43KB
Sample

231014-b3ewxaac5z
MD5

03677c4079fafd6413c5552f3d6da926
SHA1

28f14a816b7fb22630c7d59af9d404f51dab4f69
SHA256

32ee3a4074bff70f212b88233f37f72796982c3e579fcdcc7c773ae5c41ae010
SHA512

debf24ab43ea09c567afe47e5289fad62fb19e7d8d1d6401e466feec1f1da84e3652e06854750e0911cdeead48b7a86bfeb74e440ca43bbda9588162da9875fc
SSDEEP

384:eo/1qDp3h548/pzFhb2uhK2U2yoWmfrL4tuEsSRqQ1SDIJnjOsetOI88s8vr6z1d:/qHLi+lIR6J2kzqpaJfs9

Score

10^/10

icedid 1638996626 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1638996626

C2

minutozhart.online

Targets

- Target
  
  Document_09_13_927.js
- Size
  
  43KB
- MD5
  
  03677c4079fafd6413c5552f3d6da926
- SHA1
  
  28f14a816b7fb22630c7d59af9d404f51dab4f69
- SHA256
  
  32ee3a4074bff70f212b88233f37f72796982c3e579fcdcc7c773ae5c41ae010
- SHA512
  
  debf24ab43ea09c567afe47e5289fad62fb19e7d8d1d6401e466feec1f1da84e3652e06854750e0911cdeead48b7a86bfeb74e440ca43bbda9588162da9875fc
- SSDEEP
  
  384:eo/1qDp3h548/pzFhb2uhK2U2yoWmfrL4tuEsSRqQ1SDIJnjOsetOI88s8vr6z1d:/qHLi+lIR6J2kzqpaJfs9
Score

10^/10

icedid 1638996626 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

icedid1638996626bankerloadertrojan