icedid | 01c9f99bfec9b672a6cbe2bd465345e7b28ebbe32bae53f675b6ee2746e20335 | Triage

Sharing

General

Target

8c12edf1891afd90359d66a2405b7ee7_JaffaCakes118
Size

267KB
Sample

240811-1h1ejsteph
MD5

8c12edf1891afd90359d66a2405b7ee7
SHA1

2b7dfdff6a0bbf5741fd1cd8438589b663d6cb9d
SHA256

01c9f99bfec9b672a6cbe2bd465345e7b28ebbe32bae53f675b6ee2746e20335
SHA512

1b6897e1e627298e6a68c1a0ba334cd37c7c8726eff656a369d3ce8783a932fb84c3329ad3d362e27c4d10b241bcacadeb50087c8948af461e69f5eed7a56f64
SSDEEP

3072:WKCvsQ1ZkyvvaVB5wW760YyUu5VELUUtg7+HqOtTsTERJLGvumPOUIrLeAg0FujH:LQrkoCQvytr7UtkiBvPLiAOg3kaeXV6y

Score

10^/10

icedid banker discovery loader trojan

Malware Config

Extracted

Family

icedid

C2

wertigohol.click

Targets

- Target
  
  8c12edf1891afd90359d66a2405b7ee7_JaffaCakes118
- Size
  
  267KB
- MD5
  
  8c12edf1891afd90359d66a2405b7ee7
- SHA1
  
  2b7dfdff6a0bbf5741fd1cd8438589b663d6cb9d
- SHA256
  
  01c9f99bfec9b672a6cbe2bd465345e7b28ebbe32bae53f675b6ee2746e20335
- SHA512
  
  1b6897e1e627298e6a68c1a0ba334cd37c7c8726eff656a369d3ce8783a932fb84c3329ad3d362e27c4d10b241bcacadeb50087c8948af461e69f5eed7a56f64
- SSDEEP
  
  3072:WKCvsQ1ZkyvvaVB5wW760YyUu5VELUUtg7+HqOtTsTERJLGvumPOUIrLeAg0FujH:LQrkoCQvytr7UtkiBvPLiAOg3kaeXV6y
Score

10^/10

icedid banker discovery loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- IcedID First Stage Loader
  loader
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedidbankerdiscoveryloadertrojan

behavioral2

icedidbankerdiscoveryloadertrojan