icedid | 0863f9c1ae06a685b26bdb3b96a06615fa75b91f698fa5927bf1cb2234d9b580 | Triage

Sharing

General

Target

JaffaCakes118_0863f9c1ae06a685b26bdb3b96a06615fa75b91f698fa5927bf1cb2234d9b580
Size

382KB
Sample

241222-a35xnawmds
MD5

e3983a1c849e97587bacbf990ff4e426
SHA1

305644db8da0d2bf38e5ebd7933db3a39369d44f
SHA256

0863f9c1ae06a685b26bdb3b96a06615fa75b91f698fa5927bf1cb2234d9b580
SHA512

8803b31a3d72e406ca8ed9fb800a2252896945fab4bd33e4360a9ea37336990b59087e6dc302a71f893f6c7adcd98be6a39b45b492f7c809d47fdb7137fd06cc
SSDEEP

6144:fOfzMdUik1UuZrPmI/jPsuCe2e7Bxq6G7dOwxZWIxjCQ+vOYAXAm:cDik1fZrHLsw7BIHZxjkbAwm

Score

10^/10

icedid 1217670233 banker core_loader core_payload trojan

Malware Config

Extracted

Family

icedid

Botnet

1217670233

C2

nnelforwfin.top

lakogrefop.rest

hangetilin.top

follytresh.co

Attributes

auth_var
12
url_path
/posts/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  2b4f27b826aec08eb90ff784b25d048d
- SHA1
  
  b1444548b53ec112797cc7d03a1e227fe71315ca
- SHA256
  
  b976471778c3abead8001c5a7db7d39b461e88bbd5322a579d86c1ca725375fb
- SHA512
  
  d6316825b5372e445941b75b08b04aaee49bab12d752dba4691aac8093100d1632a1b07e6b7d6899c528e6777f0bcfcd977e02a7f8d559b29e205703f573d434
Score

10^/10

icedid 1217670233 banker core_loader core_payload trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral1 behavioral2
- Target
  
  pigeon64.dat
- Size
  
  159KB
- MD5
  
  de317e8f5ed28affbf38306925aa59a8
- SHA1
  
  38f670fadedf06bf12243b74618c5e4461416a6f
- SHA256
  
  b16bfd48ebbe416330327d2462bb5084bf0e3dfadd237b10e0c4670ed52532ef
- SHA512
  
  c9b02fa7effaeba55d1f324da2557c210b04b031991b1909d85dde90fed162d3c3afa8325ec96cd52f306074def915bf7c99e361502fea920bb33f68f322abce
- SSDEEP
  
  3072:Rgdn2kM3jGZuKnK8nqYLMZsylF9nmV0snOJVWHTSNV:RxkAjBK17sNNV
Score

10^/10

icedid 1217670233 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1217670233bankercore_loadercore_payloadtrojan

behavioral2

icedid1217670233bankercore_loadercore_payloadtrojan

behavioral3

icedid1217670233bankercore_loadertrojan

behavioral4

icedid1217670233bankercore_loadertrojan