icedid | 0fb7388c69ef9d2d892e6edc7eff8c86ce6f6659c88d347234acaa1a382e22ba | Triage

Sharing

General

Target

s.zip
Size

109KB
Sample

240214-xtz2daae6x
MD5

749d7876d8999d9b8389ef866ba926b8
SHA1

7a92f5fb0c219959d234fc972e850490dcd4128d
SHA256

0fb7388c69ef9d2d892e6edc7eff8c86ce6f6659c88d347234acaa1a382e22ba
SHA512

78e28025c8f8627c39c29a40b451190001b43c936dd97aec488f3479796d3782a5654fa95781fde9eb0eed683f86c0c828108059d75ef0bd8e717e20c33e8615
SSDEEP

1536:10d+vSnOjo6B6UH4HC+xCa+PWbFnggILRcl2kCpJz6Fuzp8PwMyuaPBv7Fwv2ejR:1uuSOjGUHQBbFrvWp56oCPytHwv9qq

Score

10^/10

icedid 612758225 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

612758225

C2

pildofraften.com

Targets

- Target
  
  db7cd6d0f75ddf78e0e6e09119d9071df07b50ef3f5289d474921adba4f35047.iso
- Size
  
  2.1MB
- MD5
  
  bdd4128c92d89cccfc0ac99c04a2a7bd
- SHA1
  
  8a10896b54bc29bebd08e791a9c9de294c01913a
- SHA256
  
  db7cd6d0f75ddf78e0e6e09119d9071df07b50ef3f5289d474921adba4f35047
- SHA512
  
  390c9810a6aa3f0c387ef4a20d463c69db0e689b6a2226846a5ca4d66a4759d7ad14551a844589d1df4a9b8e1f10eaf28953005b687b5c20911a36b4e4238073
- SSDEEP
  
  12288:UiHw0sbzwD4FwpH5qCwfwM+A5n5RwUwjwEQwJw+wXcdwnTwuwJwxewGw90wHwMwk:UV
Score

10^/10

icedid 612758225 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid612758225bankerloadertrojan