icedid | 741331c3e6a3900fff68bb894de8a3f713446c518be84fd2379aa7210082ed85 | Triage

Sharing

General

Target

072288accefa8457d435b21f7220deac_JaffaCakes118
Size

224KB
Sample

240728-dwnlksydpb
MD5

072288accefa8457d435b21f7220deac
SHA1

81bcda74daa9f510e258e7c592588a0bc2fe9b3d
SHA256

741331c3e6a3900fff68bb894de8a3f713446c518be84fd2379aa7210082ed85
SHA512

18d6e0f33277a97597ecd033625f740e8884a89fce8d96e27e2bbaba0a3025a6b62ea05dfc9f7eda3cb5084d7705ea066d6b534c31abac2f76110568b31b1142
SSDEEP

3072:U6VYA6I0oElwS9ciW+eM+ppv2LHFgp6+7bUSrtB0J3B1rq46vqDyPIKpPLq/M:UWxXElK+Spv26wSlt6JR1YSDuImq/M

Score

10^/10

icedid banker discovery loader trojan

Malware Config

Extracted

Family

icedid

C2

loadberlin.casa

Targets

- Target
  
  072288accefa8457d435b21f7220deac_JaffaCakes118
- Size
  
  224KB
- MD5
  
  072288accefa8457d435b21f7220deac
- SHA1
  
  81bcda74daa9f510e258e7c592588a0bc2fe9b3d
- SHA256
  
  741331c3e6a3900fff68bb894de8a3f713446c518be84fd2379aa7210082ed85
- SHA512
  
  18d6e0f33277a97597ecd033625f740e8884a89fce8d96e27e2bbaba0a3025a6b62ea05dfc9f7eda3cb5084d7705ea066d6b534c31abac2f76110568b31b1142
- SSDEEP
  
  3072:U6VYA6I0oElwS9ciW+eM+ppv2LHFgp6+7bUSrtB0J3B1rq46vqDyPIKpPLq/M:UWxXElK+Spv26wSlt6JR1YSDuImq/M
Score

10^/10

icedid banker discovery loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- IcedID First Stage Loader
  loader
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedidbankerdiscoveryloadertrojan

behavioral2

icedidbankerdiscoveryloadertrojan