icedid | 3118ae5d1126fe2fd3a1290cfd9fe7bba6bdf9fcc16985938e9836d57d30f617 | Triage

Sharing

General

Target

Inv08_09_2022pdf.iso
Size

568KB
Sample

241031-tr7fwsspdn
MD5

0c1c69926928a21c45372ade29cf9ad2
SHA1

22192915215690c426cfe8c3eabf5a95ff2f05db
SHA256

3118ae5d1126fe2fd3a1290cfd9fe7bba6bdf9fcc16985938e9836d57d30f617
SHA512

e63f38ef814c80e3b74565d1bb9cb6bf02deccbe1f179481bbf6d244e8ba0066ec52174062d3c4e46c7abb7156512f5a006820b0219b60303c84a2e0cca0a223
SSDEEP

6144:B5p0YG8VUizUWf9dJMlDeBbxHXJNxbxNlDJAMbIWlb+lDzcXaipWWm/Wuxu5/bb9:Bv0CjBtmQHuqlemyA+uhDu

Score

10^/10

icedid 3278368455 banker execution loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3278368455

C2

qropalhouse.com

Targets

- Target
  
  Invoice-August-09-2022pdf.lnk
- Size
  
  1KB
- MD5
  
  5fef8177335544814b43a7e4f3b5ce70
- SHA1
  
  c4b9bb0a71ebf10f29093790173ef288a32bfeeb
- SHA256
  
  c5c69024221bd9943981b9955e76c887cd4f60984bb7ddc92c545998e6223cef
- SHA512
  
  157d19f942a33b6dc25093f85d63f241a1958adc73b2fb2bf5b7dd08777a7c7bffea2ec4ef0e0f3a3b82af981de483c3107e6824b20dd9f0248526fd3d80e987
Score

3^/10
behavioral1 behavioral2
- Target
  
  your/nowThoseUseBecauseAs.txt
- Size
  
  72KB
- MD5
  
  170194c9488465d15770096d2ba0a5a7
- SHA1
  
  4adb12eef133ec38af94beb02e0738dcb91e8188
- SHA256
  
  0ce6490ad077abddd822df8a947242b1ac6df7769f151bd822c7c3e5737f2912
- SHA512
  
  50a95d80879bb7e04bc5f924b22896b626007e9e6c6b4362037362a46758d2f530647956f8997608f1e838b028f514ec4919e5f9159d785f6ecfa3bd2d02bd43
- SSDEEP
  
  1536:mhLGLV+ssUSmFmglk1w6pAyHO9j3omunfqRO/EucM/sgtQIA:mhLGLomSU7O1z89j3oznfqRO/E0/sgt
Score

10^/10

icedid 3278368455 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral3 behavioral4
- Target
  
  your/orInHowPeopleWe.js
- Size
  
  404B
- MD5
  
  06ebd04bb03b0c21b940c07bfa80d193
- SHA1
  
  8f6d75e2fafc8c448fd9e1ade8b3916058cf5efd
- SHA256
  
  fa29eb8864ca60b8483e75027ebe66a76305e0418033ba31d74a905549246338
- SHA512
  
  b3d95b661c17efe9e6bc0134be334bc75755c6fb86147f0a98b4d8fb48e33024a5bb8c5c364ac6cfe78be65cacfbfe85367cc07391b5f85b003894918c1ffd14
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  your/theThingWithInWay.bat
- Size
  
  62B
- MD5
  
  d1057670e23effd35865205dd1358c96
- SHA1
  
  c954930f9af5d942ac9277a94d4dfe1eda140b83
- SHA256
  
  bbd87df5a81659cfd946abff6fba3c37b609d140ac3318abeceadf11fbd06fae
- SHA512
  
  34ac348f063cae67c2560c45a0c3772e6a604f51f8638e6ed0ec53811e5beaef6db0b1cde1991ce8c39cddf8916c964bdd3fbe193cd1f31439ce1d7a8b6fc198
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

icedid3278368455bankerloadertrojan

behavioral4

icedid3278368455bankerloadertrojan

behavioral5

behavioral6

behavioral7

behavioral8