icedid | a99e22965dd129f70ffacdf4548faa9cf07929bf8cf455af870984ae0d85d11e | Triage

Sharing

General

Target

83c7e8caf25d2b9859fb0f94c902b523_JaffaCakes118
Size

267KB
Sample

240809-2a3elsweqa
MD5

83c7e8caf25d2b9859fb0f94c902b523
SHA1

f423f6247f018e3c7e033653be54c6aaff5ff0b9
SHA256

a99e22965dd129f70ffacdf4548faa9cf07929bf8cf455af870984ae0d85d11e
SHA512

c747c1d5cf6dabaa05462b1cb1a56dee9ad76e4a563956821a76558a9cf52f0039b74b7ce61b72e6a8de660ccfaf696d3e49e6fdbf8b455dbd189fee5106c8f5
SSDEEP

3072:WKCvsQ1ZkyvvaVB5wW760YyUu5VELUUtg7+HqOtTsTERJLGvumPOUIrLeAg0FujH:LQrkoCUvytr7UtkiBvPLiAOg3kaeXV6y

Score

10^/10

icedid banker discovery loader trojan

Malware Config

Extracted

Family

icedid

C2

wertigohol.click

Targets

- Target
  
  83c7e8caf25d2b9859fb0f94c902b523_JaffaCakes118
- Size
  
  267KB
- MD5
  
  83c7e8caf25d2b9859fb0f94c902b523
- SHA1
  
  f423f6247f018e3c7e033653be54c6aaff5ff0b9
- SHA256
  
  a99e22965dd129f70ffacdf4548faa9cf07929bf8cf455af870984ae0d85d11e
- SHA512
  
  c747c1d5cf6dabaa05462b1cb1a56dee9ad76e4a563956821a76558a9cf52f0039b74b7ce61b72e6a8de660ccfaf696d3e49e6fdbf8b455dbd189fee5106c8f5
- SSDEEP
  
  3072:WKCvsQ1ZkyvvaVB5wW760YyUu5VELUUtg7+HqOtTsTERJLGvumPOUIrLeAg0FujH:LQrkoCUvytr7UtkiBvPLiAOg3kaeXV6y
Score

10^/10

icedid banker discovery loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- IcedID First Stage Loader
  loader
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedidbankerdiscoveryloadertrojan

behavioral2

icedidbankerdiscoveryloadertrojan