icedid | 99c1060f61d53bab5328cf79116d02352979e93348957455af21f2182a952631 | Triage

Sharing

General

Target

99c1060f61d53bab5328cf79116d02352979e93348957455af21f2182a952631
Size

364KB
Sample

241221-vz4weavkbp
MD5

187a7c0895e92536fb49272c9222e322
SHA1

bab4c30f88ad53ad8947292151c059cc78947ccb
SHA256

99c1060f61d53bab5328cf79116d02352979e93348957455af21f2182a952631
SHA512

08accd06d5041c0f12af62d7652f8272fc8874ff3e48f5073e9ec45ad7a3692797ce83d0ca802da137bdfe385917c33c3330444c34af16965eec65c2f546175b
SSDEEP

6144:eWVqGqr8w0JzpapmeprYgSlG+wGrZ8VU2reGodTp+/rZRUk4tFXbVBoPvRgLP9LS:pVqGqCzpEm6tnGrOVUR8itFbVmxIljXK

Score

10^/10

icedid 1892568649 banker core_loader core_payload trojan

Malware Config

Extracted

Family

icedid

Botnet

1892568649

C2

baeswea.com

bersaww.com

biglaneat.com

northspaceline.co

Attributes

auth_var
11
url_path
/news/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core/cmd.bat
- Size
  
  192B
- MD5
  
  d83b7c6acb3c5f829f37216f5df0ac80
- SHA1
  
  17df2dab6a14e6d8e74c64f0afe318d8d6b6dda1
- SHA256
  
  0c4de9d5c061edbf453497374e031f533d5dd012e5d655ea8ad8bc914c1caa02
- SHA512
  
  e33f7bd757ef84d8c317eec90e6657decc0dafee9006231b86bfdecbeb3dc5f4c0b717cd2290e13e0d9d0e96a3f51917d50b30a0a10add8f663f08efd99ab31a
Score

10^/10

icedid 1892568649 banker core_loader core_payload trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  core/future_64.dat
- Size
  
  113KB
- MD5
  
  e7317be4cdc343ccb724bede45bfee1b
- SHA1
  
  1cc27c2b4321c8c92f8be36dcdcbfec6d46e6ea2
- SHA256
  
  32a660a70c9e0893d820dc8d9bc89b4e419d45e7874127de58443aa22a423631
- SHA512
  
  ea486b98a75e4b6e565a80333612a02e822d916d0c1be03559253299c4e162215da4e17f2fb84ff5f124bf9e1a469da828e2465b69553c66c0b7f2c358faca2f
- SSDEEP
  
  1536:n/lGl9mBCBLFQ9MzJSEOh+hHagKOX3xIdCbfanzUNFuXQ3AwnsWIxew012UnQUkq:/wlABCBC9M4EpbZHCMkEkB
Score

10^/10

icedid 1892568649 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1892568649bankercore_loadercore_payloadtrojan

behavioral2

icedid1892568649bankercore_loadercore_payloadtrojan

behavioral3

icedid1892568649bankercore_loadertrojan

behavioral4

icedid1892568649bankercore_loadertrojan