icedid | 56c5630b16bf7772d467ee7b9f97d6fbbaebf3abf8991a6549a24e047f6d8ab0 | Triage

Sharing

General

Target

56c5630b16bf7772d467ee7b9f97d6fbbaebf3abf8991a6549a24e047f6d8ab0
Size

444KB
Sample

241221-t741pstjey
MD5

018291eaa5f98dd192583d3c78bb0bdd
SHA1

a386d586cf7e1df8d7ce4ffcb521d32771555acb
SHA256

56c5630b16bf7772d467ee7b9f97d6fbbaebf3abf8991a6549a24e047f6d8ab0
SHA512

b72bc844c2b2da043cfb82aba38963cd916de62c69cda800bf925f695f6f0d7014a98ca15c4e71026faf1a575077bbcb3efc73ed4d6bbcd377506070686dd94a
SSDEEP

12288:451PKswIIuxTbp4oTOgQpdlG21I89ipNc4sRXh:OsswIIsTbiKQhpHACXh

Score

10^/10

icedid 3984935437 banker core_loader core_payload trojan

Malware Config

Extracted

Family

icedid

rsa_pubkey.plain

Extracted

Family

icedid

Botnet

3984935437

C2

footballer.bid

2kilozhiraffe.club

aristomosuga.top

viryigamaps.top

Attributes

auth_var
3
url_path
/news/

Targets

- Target
  
  core/cmd.bat
- Size
  
  187B
- MD5
  
  f9024ea7ab8f15514c195828d99fbd8f
- SHA1
  
  fd6647533ddd5dc904c88e57e8c00101d8636863
- SHA256
  
  9772b3d6906d3c7a2ec38a5b14da55bd9e744ec4359f601da5eeba013bbda65b
- SHA512
  
  a0f837d981c592ca4d39b34997e3c97b4189ffeb9fe10a90ed488c3c8ac6dadbf08cca360edce2ee2a009ed64624db4533fe88e71753da59082878a1204237ae
Score

10^/10

icedid 3984935437 banker core_loader core_payload trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral1 behavioral2
- Target
  
  core/hungry-.tmp
- Size
  
  409KB
- MD5
  
  0296c609b96e00b054cf1465ed6a119d
- SHA1
  
  3faed3575c32b6db185e0ec868fbcbd0d047eb64
- SHA256
  
  9e66e3c10cd5b0528d48391421bf50b1068e358a9696818b0dfd88a16ee66f5a
- SHA512
  
  a4eb46e1b141636480daf48802b56b5f21b012fa1ee8ac12e93753034183abfc985d529e6ed03d34176a00c812ff7a948c9184e1148585622e7436133c60023e
- SSDEEP
  
  3072:XsC9wHRejrwRuDggl4acQnVglOuSF0xDNAK/kFGZOOmg2hIxHBbQgV1:FwHRSuSll4acQn2AikOmkbQgH
Score

10^/10

icedid 3984935437 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3984935437bankercore_loadercore_payloadtrojan

behavioral2

icedid3984935437bankercore_loadercore_payloadtrojan

behavioral3

icedid3984935437bankercore_loadertrojan

behavioral4

icedid3984935437bankercore_loadertrojan