icedid | 023ddba7d96abf55f72c27f5538d5fd32e0be92e69e5098ed2ea5aee7d37849d | Triage

Sharing

General

Target

f6852f5a685abe51236f0604b829bc9f_JaffaCakes118
Size

628KB
Sample

240417-yce6badd7v
MD5

f6852f5a685abe51236f0604b829bc9f
SHA1

b1b852a74ccb4a92778a70bbffe9bb829b1e73c3
SHA256

023ddba7d96abf55f72c27f5538d5fd32e0be92e69e5098ed2ea5aee7d37849d
SHA512

fc459539c9de06c5db908b8a51970a6b50a31b5ddad236e60dcc86a9765fbb903cf9d551fdd5088d3adaf546c89496e30aafd5d8e166eed7ad94ce33fdcbd2b4
SSDEEP

12288:lq8dbV5LfWraDZT0VW8yMppxBviTUrL+Rg:EQbDfWmd0Y29iTML+R

Score

10^/10

icedid 2893882777 banker loader trojan

Malware Config

Extracted

Family

icedid

Extracted

Family

icedid

Botnet

2893882777

C2

lovuterry.best

boatergrip.top

puppybloder.pw

bloadypupper.best

Attributes

auth_var
10
url_path
/audio/

Targets

- Target
  
  f6852f5a685abe51236f0604b829bc9f_JaffaCakes118
- Size
  
  628KB
- MD5
  
  f6852f5a685abe51236f0604b829bc9f
- SHA1
  
  b1b852a74ccb4a92778a70bbffe9bb829b1e73c3
- SHA256
  
  023ddba7d96abf55f72c27f5538d5fd32e0be92e69e5098ed2ea5aee7d37849d
- SHA512
  
  fc459539c9de06c5db908b8a51970a6b50a31b5ddad236e60dcc86a9765fbb903cf9d551fdd5088d3adaf546c89496e30aafd5d8e166eed7ad94ce33fdcbd2b4
- SSDEEP
  
  12288:lq8dbV5LfWraDZT0VW8yMppxBviTUrL+Rg:EQbDfWmd0Y29iTML+R
Score

10^/10

icedid 2893882777 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- IcedID Second Stage Loader
  loader
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

icedid2893882777bankerloadertrojan

behavioral2

icedid2893882777bankerloadertrojan