icedid | caaffbb1e04082773558571e95bbc5cb302614406292710e6104ab85fcf3927e | Triage

Sharing

General

Target

48607c0547ccd1084ba5a994d3bd56fb_JaffaCakes118
Size

267KB
Sample

240729-qcm7xszbpr
MD5

48607c0547ccd1084ba5a994d3bd56fb
SHA1

56fb1057faafaa61907e2364c1825366bf37d1d8
SHA256

caaffbb1e04082773558571e95bbc5cb302614406292710e6104ab85fcf3927e
SHA512

6becc8752272493cd0a01777a52b5348ec553c1e23f98597ded88dbe73c36fc47b0eceb2bb4dcdff7f19e1ccfe1a9b95b4bd71d81eb8d15b4ebabc0914935433
SSDEEP

3072:WKCvsQ1ZkyvvaVn5wW760YyUu5VELUUtg7+HqOtTsTERJLGvumPOUIrLeAg0FujH:LQrkoC+vytr7UtkiBvPLiAOg3kaeXV6y

Score

10^/10

icedid banker discovery loader trojan

Malware Config

Extracted

Family

icedid

C2

wertigohol.click

Targets

- Target
  
  48607c0547ccd1084ba5a994d3bd56fb_JaffaCakes118
- Size
  
  267KB
- MD5
  
  48607c0547ccd1084ba5a994d3bd56fb
- SHA1
  
  56fb1057faafaa61907e2364c1825366bf37d1d8
- SHA256
  
  caaffbb1e04082773558571e95bbc5cb302614406292710e6104ab85fcf3927e
- SHA512
  
  6becc8752272493cd0a01777a52b5348ec553c1e23f98597ded88dbe73c36fc47b0eceb2bb4dcdff7f19e1ccfe1a9b95b4bd71d81eb8d15b4ebabc0914935433
- SSDEEP
  
  3072:WKCvsQ1ZkyvvaVn5wW760YyUu5VELUUtg7+HqOtTsTERJLGvumPOUIrLeAg0FujH:LQrkoC+vytr7UtkiBvPLiAOg3kaeXV6y
Score

10^/10

icedid banker discovery loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- IcedID First Stage Loader
  loader
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedidbankerdiscoveryloadertrojan

behavioral2

icedidbankerdiscoveryloadertrojan