icedid | f10e2c0f386b12490dd861c3dec405ac345fa8fae24e100c2fc86ace6f5c7107

General

Target

JaffaCakes118_f10e2c0f386b12490dd861c3dec405ac345fa8fae24e100c2fc86ace6f5c7107
Size

31KB
Sample

241222-a3g6lawpel
MD5

d3f8507bd530d0348bf7ff8e96fd8487
SHA1

00e10aa6c716a5597ef1737135793f50c1c687d8
SHA256

f10e2c0f386b12490dd861c3dec405ac345fa8fae24e100c2fc86ace6f5c7107
SHA512

a32dad844f3069f2aa8b87f64527fc88366a03c96648c6e1d27044aacd6a349a56976a97e66b664da937ee307cee88066346b93a17136d62c29cb814838a95cb
SSDEEP

768:LmR7pntDWl54aT+kVb3J/USC1VW41ATpAF8Fbmuzv9:LA7pntD254e+k//UJ938Fbmuzl

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Family

icedid

Campaign

497724135

C2

ovedfromasi.top

Targets

- Target
  
  cf69a7a2b9beb8ae178df59e31393bc33ba69f9ec15b5cced248ba459f2caefc
- Size
  
  70KB
- MD5
  
  fc09a541e3ea6ec66b107005863ced8d
- SHA1
  
  63307078d32d02141e1d90e56018510584180fdb
- SHA256
  
  cf69a7a2b9beb8ae178df59e31393bc33ba69f9ec15b5cced248ba459f2caefc
- SHA512
  
  67508ec48260424c88021f229b1f62aef7d4f0c1c0e0a0f0a4f49a287db7028e2751bb204068637235c64f17409704c14e00725192e27406a7c39ae9949c8ba0
- SSDEEP
  
  1536:QXUu70LgnxKl7f/3jWCgiMthg8Mi3lHg9gIgmfgCjMiAOqTu/+vXWPbge96LF4hH:QwL6K5fPKCNAXMixmHBfFzmu/mAbgwJh
Score

10^/10

discovery icedid 497724135 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

IcedID, BokBot

Icedid family

Process spawned unexpected child process

Blocklisted process makes network request

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2