icedid | b85a0e5ff75ad8ccb59ea7214e9d76f2f70b17d4ba09eb210ce9e1f0d0f66677 | Triage

Sharing

General

Target

33305bd983f4293fa9d7b898c21f6bbc_JaffaCakes118
Size

267KB
Sample

240729-cvrfeaybmj
MD5

33305bd983f4293fa9d7b898c21f6bbc
SHA1

0341c6c63197e9c5134958fe5d88afbc00c8f798
SHA256

b85a0e5ff75ad8ccb59ea7214e9d76f2f70b17d4ba09eb210ce9e1f0d0f66677
SHA512

b14d3ff79a3c82449a81af418f04eb752f207e5ea8418056bfa1fced7368810a8f607c5e061fb98caf425d3232ab446a5fdcffe26ba41d73e4c1f4cc08e1bd56
SSDEEP

3072:WKCvsQ1ZkyvvaVH5wW760YyUu5VELUUtg7+HqOtTsTERJLGvumPOUIrLeAg0FujH:LQrkoCmvytr7UtkiBvPLiAOg3kaeXV6y

Score

10^/10

icedid banker discovery loader trojan

Malware Config

Extracted

Family

icedid

C2

wertigohol.click

Targets

- Target
  
  33305bd983f4293fa9d7b898c21f6bbc_JaffaCakes118
- Size
  
  267KB
- MD5
  
  33305bd983f4293fa9d7b898c21f6bbc
- SHA1
  
  0341c6c63197e9c5134958fe5d88afbc00c8f798
- SHA256
  
  b85a0e5ff75ad8ccb59ea7214e9d76f2f70b17d4ba09eb210ce9e1f0d0f66677
- SHA512
  
  b14d3ff79a3c82449a81af418f04eb752f207e5ea8418056bfa1fced7368810a8f607c5e061fb98caf425d3232ab446a5fdcffe26ba41d73e4c1f4cc08e1bd56
- SSDEEP
  
  3072:WKCvsQ1ZkyvvaVH5wW760YyUu5VELUUtg7+HqOtTsTERJLGvumPOUIrLeAg0FujH:LQrkoCmvytr7UtkiBvPLiAOg3kaeXV6y
Score

10^/10

icedid banker discovery loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- IcedID First Stage Loader
  loader
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedidbankerdiscoveryloadertrojan

behavioral2

icedidbankerdiscoveryloadertrojan