icedid | 307cc25df1c7bce25edc38c84a735724421ce082b2c7490b9e55df2652e29481 | Triage

Resubmissions

21-12-2024 18:53

241221-xjl2rswrak 10

21-12-2024 18:47

241221-xfbfvswmgy 10

Sharing

General

Target

JaffaCakes118_307cc25df1c7bce25edc38c84a735724421ce082b2c7490b9e55df2652e29481
Size

490KB
Sample

241221-xjl2rswrak
MD5

643f31487e7183994959a4dd434dd53c
SHA1

9d25c2dfc7e14609b1a94b8d026de4245dfb1c0f
SHA256

307cc25df1c7bce25edc38c84a735724421ce082b2c7490b9e55df2652e29481
SHA512

d0eb734fee178fda8488a687a830212384ddd72ded02a522eec8a506743e0406efc7aa4d823bd449439eec46774d28fcc7faaa4c0fa717e5303fbbfce7ee0939
SSDEEP

12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRN:knmj6xK1y3Ik6TZGRN

Score

10^/10

icedid 3467965077 banker discovery loader trojan

Malware Config

Extracted

Family

icedid

Campaign

3467965077

C2

firenicatrible.com

Targets

- Target
  
  JaffaCakes118_307cc25df1c7bce25edc38c84a735724421ce082b2c7490b9e55df2652e29481
- Size
  
  490KB
- MD5
  
  643f31487e7183994959a4dd434dd53c
- SHA1
  
  9d25c2dfc7e14609b1a94b8d026de4245dfb1c0f
- SHA256
  
  307cc25df1c7bce25edc38c84a735724421ce082b2c7490b9e55df2652e29481
- SHA512
  
  d0eb734fee178fda8488a687a830212384ddd72ded02a522eec8a506743e0406efc7aa4d823bd449439eec46774d28fcc7faaa4c0fa717e5303fbbfce7ee0939
- SSDEEP
  
  12288:mFnmEQb6xK6EOcEELeBdUDBBe6pLtzPhGHUaRN:knmj6xK1y3Ik6TZGRN
Score

10^/10

icedid 3467965077 banker discovery loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid3467965077bankerdiscoveryloadertrojan

behavioral2

icedid3467965077bankerloadertrojan