icedid | 12a8c191d20c1f29213eca2789ac26feef1aa927f31758adefd0db768e35a3f3

General

Target

12a8c191d20c1f29213eca2789ac26feef1aa927f31758adefd0db768e35a3f3
Size

31KB
Sample

241221-trk8nasqdm
MD5

fbf5c3cf349308e3571e1f61ea201e86
SHA1

7ff1245ddbdea2ed0e1323d0b4caaaeb7454601f
SHA256

12a8c191d20c1f29213eca2789ac26feef1aa927f31758adefd0db768e35a3f3
SHA512

b1e538eaf26dfde33d8d6b6902d33ce4dda7a9938e7b9c30e40428e18e76114e8e5650c9ba7be042b11179812638576aba327d737723edc66b8ef51a4fa54bbb
SSDEEP

768:MBDp5iKzCvHdUklfVSsJFHQ7RSC1COFF8FuZujc58bv8R:WiOkldSsXHiRJCOX8FuZgfbvM

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Family

icedid

Campaign

497724135

C2

ovedfromasi.top

Targets

- Target
  
  69e2bc37da2c8a6f25fce37a024aca628f8216cb0ddcf70e1e55766eae011bf2
- Size
  
  70KB
- MD5
  
  3f031c12c95a4b52b74e08d4b0d76830
- SHA1
  
  3a6443c08d8233b4e62e3ab47950061620225e75
- SHA256
  
  69e2bc37da2c8a6f25fce37a024aca628f8216cb0ddcf70e1e55766eae011bf2
- SHA512
  
  ab271d995c7de00466cd8a84dc5f63b25ec866bd0c61ba0decfaa951091718bf9a35412b7b14ec046fb131d7641bcb73486f524820fd9d3d29413ce03a2e2d71
- SSDEEP
  
  1536:iXUu70LgnxWl7f/3jWCgiMthg8Mi3lHg9gIgmfgCjMiAOqTu/+vXWPbge96Lr4hH:iwL6W5fPKCNAXMixmHBfFzmu/mAbgwzh
Score

10^/10

discovery icedid 497724135 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

IcedID, BokBot

Icedid family

Process spawned unexpected child process

Blocklisted process makes network request

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2