icedid | 71b5dc8fec75d1efb17f4738129efd2b47fef5c3442d3993239c0ac8c29d533c

Resubmissions

05-02-2024 11:12

240205-na8dzagdbq 10

05-02-2024 11:04

240205-m6lpeaebc9 3

Sharing

Copy URL

Twitter E-mail

General

Target

inv.iso
Size

526KB
Sample

240205-na8dzagdbq
MD5

b0ea13990301f024fb3fbf1ca8bbaf4d
SHA1

a3a81e04e129c1de8cef7dc883916a1f5021658b
SHA256

71b5dc8fec75d1efb17f4738129efd2b47fef5c3442d3993239c0ac8c29d533c
SHA512

86a03a0a0bc9c1f5f3e19763f0a136d7c92e12507f06c7e5909e759389fb9d5625569514a466d73f9e3e65ebb187f83811e589224bc4b0c720b1cdeca05cede5
SSDEEP

6144:/S5kfebzXgBXKlDcWHamQlDFlDvUmVlDTBQdBbqPBzKbCOd2slDHOshCTlcZn1Pu:/S5kdzBQ8ogPxiBqL0hOTPxSQKHEqiZ

Score

10^/10

Malware Config

Extracted

Family

icedid

Campaign

2745070743

cootembrast.com

Targets

- Target
  
  inv.iso
- Size
  
  526KB
- MD5
  
  b0ea13990301f024fb3fbf1ca8bbaf4d
- SHA1
  
  a3a81e04e129c1de8cef7dc883916a1f5021658b
- SHA256
  
  71b5dc8fec75d1efb17f4738129efd2b47fef5c3442d3993239c0ac8c29d533c
- SHA512
  
  86a03a0a0bc9c1f5f3e19763f0a136d7c92e12507f06c7e5909e759389fb9d5625569514a466d73f9e3e65ebb187f83811e589224bc4b0c720b1cdeca05cede5
- SSDEEP
  
  6144:/S5kfebzXgBXKlDcWHamQlDFlDvUmVlDTBQdBbqPBzKbCOd2slDHOshCTlcZn1Pu:/S5kdzBQ8ogPxiBqL0hOTPxSQKHEqiZ
Score

3^/10
behavioral1
- Target
  
  out.iso
- Size
  
  526KB
- MD5
  
  b0ea13990301f024fb3fbf1ca8bbaf4d
- SHA1
  
  a3a81e04e129c1de8cef7dc883916a1f5021658b
- SHA256
  
  71b5dc8fec75d1efb17f4738129efd2b47fef5c3442d3993239c0ac8c29d533c
- SHA512
  
  86a03a0a0bc9c1f5f3e19763f0a136d7c92e12507f06c7e5909e759389fb9d5625569514a466d73f9e3e65ebb187f83811e589224bc4b0c720b1cdeca05cede5
- SSDEEP
  
  6144:/S5kfebzXgBXKlDcWHamQlDFlDvUmVlDTBQdBbqPBzKbCOd2slDHOshCTlcZn1Pu:/S5kdzBQ8ogPxiBqL0hOTPxSQKHEqiZ
Score

1^/10
behavioral2
- Target
  
  Unpaid_order-.lnk
- Size
  
  1KB
- MD5
  
  fa364a1cf654186f48204e6bdf456b63
- SHA1
  
  b50d418398b1b5fbb248bcd063fbad18174f8f7a
- SHA256
  
  d9a8ff6e4302ed79d0e6c9bafb7e4adf7ff9b30ae6fedbffadb5061f6642658d
- SHA512
  
  c03bd180d034f8ccfb41114298f8b565781cdb4d009710fa60da04e5ef0bd6142998938503dc72afb7c6f87aa0809cac477c74d5d6b76e43dd9782923b2abf3b
Score

3^/10
behavioral3
- Target
  
  also/by.gif
- Size
  
  36KB
- MD5
  
  08832f70f70051af1e333f55a5831177
- SHA1
  
  f92d02387b8ea01ee8774b7478a9d2edf2241d30
- SHA256
  
  9cff2120eaada1e3f78dedc8441dd521374bde472df998ed533793d6b9f45cf7
- SHA512
  
  fc54b981f385fa42fabcb5df5646eda33e3d453713fe01efc16d7d11aae3f2067f207f0434d52993b59c8c7156dec595ea19b0611784b3f8018283da793d1b9b
- SSDEEP
  
  768:RzipGJ3GzIq30tin+SNo5svSzqjWAC4Wu0/brIT:0QUtEtin+SNMJuTWt/gT
Score

1^/10
behavioral4
- Target
  
  also/get.txt
- Size
  
  242KB
- MD5
  
  8de30ee3be338f27921eb8cfa5b95571
- SHA1
  
  d1b58eb5aab93a49c0ced3701e2b1bbc540e63d1
- SHA256
  
  b8aaf33cb48aa39a41700384f9dee291ceadfed830bed67dca7488f558a23957
- SHA512
  
  a87177315c68a1b0947f3aa1db422fac6ed399838d7b5b91997bf6c8ae435fcf43500ac39642fa3da36a718891b4fc0a722e081b2c6d606d6fe20dacb1207e93
- SSDEEP
  
  6144:3ebzXgBXKlDcWHamQlDFlDvUmVlDTBQdBbqPBzKbCOd2slDHOshCTlcZns:FzBQ8ogPxis
Score

1^/10
behavioral5
- Target
  
  also/like.dat
- Size
  
  102KB
- MD5
  
  70ca4fdb88ee6c19ca5c2fd9ad190991
- SHA1
  
  b25460176e51cbac31c3265aa812cd74c33af9f6
- SHA256
  
  1c66b9a445e00b352652452d5a328a9290f295f59d5047c31d9e79afbc73a340
- SHA512
  
  f89d507a417be50d9251df99e766b28036fa00f7671772645e9cd07455ed1a450a7fd6692a6d18e0cfa8bacb08c1ccc305ee60c7c97eb8a543fe4923a6535ae0
- SSDEEP
  
  1536:ZpYpbLoPFd6rqUU6f5fKiPojZvHLvDIOwZs2uJsR8LbvvtdHD+K9qI2qfiY:ZQo+pKiPqLDIhv2L+Izfr
Score

10^/10

icedid 2745070743 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
behavioral6
- Target
  
  also/on.gif
- Size
  
  30KB
- MD5
  
  6e7488150b4f46f9544604cb0a2d075b
- SHA1
  
  7f0e90950211125a40f18ef87f9c708161bf382d
- SHA256
  
  4fb89bdfe31b76ef1862a4a75b62227f7a25b505610b6455f56425b1ddf6d5b7
- SHA512
  
  f7a1fb2c1082ce154dd9828e9732574114c2bfe833da9c81bcc603977d11c2a996c9f85400a58dab3706a82ca5fc06d74ad5008cf41f77420da9eb51d7baf07e
- SSDEEP
  
  768:xZVLAgjXFlEndSJ4Oa72reCzkLSLUa8xQyFnnWe:xvfDFMdSJpaireCzkLSYNxQy57
Score

1^/10
behavioral7
- Target
  
  also/there.gif
- Size
  
  19KB
- MD5
  
  55d8018603e642fb5082e472d8860fef
- SHA1
  
  d45d8626dbda480efd3329c1755519ecb983ccf1
- SHA256
  
  9b10ddd47a7b1d4bfe0c59cd040b4cec491f54dc4803ed8a5ae1a1fb6fc84d69
- SHA512
  
  92d08800a6cd42546c18b09e52e4c00c327209a7130e717e5ea5f0fe268abe92b709b3d9293fd8f7cee649dc05c4013f091ecb04a0a6bd9186856e0fc682f261
- SSDEEP
  
  384:4KGWO0wA1447cxSJm6MqEAhGTZJB7VMX9Dn6UnnKuNfmjG:M0w0Z4SoDTZVOLnnrEjG
Score

1^/10
behavioral8
- Target
  
  also/what.gif
- Size
  
  28KB
- MD5
  
  2fba2991550314b7e0f0444857ceafce
- SHA1
  
  3bd82e03b9188f4739fe9e9274e10c8a7a9a9351
- SHA256
  
  e66882ebcfd63a958d1c1d09eae886b7985a0161acea748e7336822eebc2d7d6
- SHA512
  
  ffaacde655bb5aec56bc79848d365e3e760f03325304fe2cbefd6e9b9008b963e07ad88c94b9be03d457053275dcaeaa2163e521ff12f69c4e3cee6efa8ebe6c
- SSDEEP
  
  768:S/4MmAmbY+9pGCI/l24zvbtCDSAv6pPwO+fZgM1yMNqLemXr:S/MnWCI/l24zztCDSAv6pPsf0demXr
Score

1^/10
behavioral9
- Target
  
  also/worker.cmd
- Size
  
  37B
- MD5
  
  ca31d778ae1348c5303a41eb7aff7db2
- SHA1
  
  42b5026ebf8f06b7feb7afc25e3d2a3feb9786b7
- SHA256
  
  7807d8a39d8eff1f69a77220ac2105a5149c19fb5d0a8673f3cf1e127b7b43ee
- SHA512
  
  cc7b3498d6e442cf18ac52a27c11d868f11e4bc90b2b8243c2feeee8f9e135c9f5c6a1de746a96dc470ed8bde21afe51bd712a96ee34cf0e7da891a2057c4581
Score

1^/10
behavioral10
- Target
  
  also/worker.js
- Size
  
  596B
- MD5
  
  b831d812278417ea694d047196ebd48f
- SHA1
  
  19a115e555e0377f408b53a3fefe473110ad784b
- SHA256
  
  f86e32aa7f4792678a29f9cebee103afc9461991a6e49580263c7620295b1928
- SHA512
  
  082c4b6e0b0b462571daedc10e4404f96acc0eca2cf623f2741f591819fabd652955e2a45bbf007c71d666eec09c2c5080073dfb05b3a5accdc5cc4892aa23ec
Score

1^/10
behavioral11

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

IcedID, BokBot

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11