icedid | 3ff23f059a6349fc8c4db8dbf312aea52438e5eb9c085b30889666fc6f65b0e1 | Triage

Sharing

General

Target

3ff23f059a6349fc8c4db8dbf312aea52438e5eb9c085b30889666fc6f65b0e1
Size

420KB
Sample

241221-v8detavmcm
MD5

f33f1ea34746fc446526c0a891e21ebc
SHA1

86418be5f019eb7952b3e17b4a9d59af54d56bb0
SHA256

3ff23f059a6349fc8c4db8dbf312aea52438e5eb9c085b30889666fc6f65b0e1
SHA512

de583642f19efb4f293400234ad7ee3580d1e0a5c3ca12f651fd55f203088ddb6057ca3ba9944d92c798035b350c7368bbd8560ada925a3279826039861000ff
SSDEEP

12288:1WYQ9HY96DaOgXV+xytrDtdGZMi1ypzuQ:AYhk+NXVltrDIn1w

Score

10^/10

icedid 2354879232 banker core_loader core_payload trojan

Malware Config

Extracted

Family

icedid

Botnet

2354879232

C2

gadverjo.com

hevciak.com

reseptors.com

smallbadcity.com

Attributes

auth_var
13
url_path
/news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  cd3bdf58de37eece564f8fba168598d3
- SHA1
  
  244261d4d0087ad54085a336d268dd9e6e8bba04
- SHA256
  
  0aef9f9f7d660d03591f5514445992ace6b01c3986b6864309e0acb90dadc28a
- SHA512
  
  15900093569a86e2d6e46fdf63c3cc28a8dd597c8b32ea04a7e72c45d444dcef6a44c83828b957e1868f9d499939629ad8f3f4412e273fdd8d07b418b40a22bf
Score

10^/10

icedid 2354879232 banker core_loader core_payload trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral1 behavioral2
- Target
  
  fruit_32.tmp
- Size
  
  164KB
- MD5
  
  515f99d5ed98e5caab7505696cbca2b5
- SHA1
  
  7b2e5f92d2ebb0d70ec1b44584122d5ab7935e7d
- SHA256
  
  8c9e46da57e4edc2353f61c4bfa275c6ec3d277276aa9289214b602d0dece68a
- SHA512
  
  ef1ff438cf0f2728cb9c85dd6850fce5c0c202c80f795370b64482980d81d541abec9c974403796d139ab84d6c2307ddf2952ec531ed4a2975fb107069c942d9
- SSDEEP
  
  3072:zgjO2yg5iUN+Sh0dCh/0HSMRNXM+OCMNego6AZ+qZoz:ztjg5bThmM2SQNMAZ+q
Score

10^/10

icedid 2354879232 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid2354879232bankercore_loadercore_payloadtrojan

behavioral2

icedid2354879232bankercore_loadercore_payloadtrojan

behavioral3

icedid2354879232bankercore_loadertrojan

behavioral4

icedid2354879232bankercore_loadertrojan