icedid | 7ec2f7d5d7bf12ee99e7ab80ccd837c22cd810f4ff2f437a41ee27db1b75e4d3 | Triage

Sharing

General

Target

JaffaCakes118_7ec2f7d5d7bf12ee99e7ab80ccd837c22cd810f4ff2f437a41ee27db1b75e4d3
Size

389KB
Sample

241222-cklr6syrdm
MD5

a8d48c6fd079c225605559c3abcaef7c
SHA1

fd11396d9811f5a866de02825506724aec883aaa
SHA256

7ec2f7d5d7bf12ee99e7ab80ccd837c22cd810f4ff2f437a41ee27db1b75e4d3
SHA512

812939b3cfece1782b8606ad3a31019db8a434e024144c41eebf0992b17205623efa6d64d984979f720e8e0f09d3db5501000a8316c950e8b05c814bedf65295
SSDEEP

6144:zOfzMdUik1UuZrPmI/jPsuCe2e7Bxq6G7dOwxZWIxjCQ+vOYAsJQuS00yKd:oDik1fZrHLsw7BIHZxjkbAsJQuS0x4

Score

10^/10

icedid 1217670233 banker core_loader core_payload trojan

Malware Config

Extracted

Family

icedid

Botnet

1217670233

C2

lakogrefop.rest

hangetilin.top

follytresh.co

novemberprosse.space

Attributes

auth_var
13
url_path
/posts/

Extracted

Family

icedid

rsa_pubkey.plain

Targets

- Target
  
  core.bat
- Size
  
  184B
- MD5
  
  00d922001e1ea040454c350b63619bd3
- SHA1
  
  b45abf4e6fe04d5e15514138ec4e5e020af0980d
- SHA256
  
  3b06cc4363bbc2dc5ec736e73b7807ac1beedd5bb8d08076f74736df17655157
- SHA512
  
  0de1ec67e3dfb55e89b309c0225da6f4db986eaa1cb4c0fd3b30526e594e74132cef82813e0201425a6aa0a8ed69dce4ca8f1ff8555433d5b68fad71b263aa6f
Score

10^/10

icedid 1217670233 banker core_loader core_payload trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral1 behavioral2
- Target
  
  juice_64.tmp
- Size
  
  183KB
- MD5
  
  04b4919555e2a4917a88ab1333e63faf
- SHA1
  
  54ddab99969c284c87553dcab7c81894571032d8
- SHA256
  
  637a4abd6dfa98a4cd4b6cf9be7a9110e47e5fbd7dede2f4fd6a60a0ab1296cc
- SHA512
  
  e8dc38e248dac1e7e12984f05a85bc6ff3fd8b08589fc5b62fb7b8e8ab92c57550c933e2865bdd7e2be18c8399192b123f981d91728d742b2e4e191bd96721f9
- SSDEEP
  
  3072:yPoiRxCURnGUDOsQV1LlyMntnMpzJrdk7776hbFdxUBUxsicfMni8j5qnVn8:IGUK9D90J//0U
Score

10^/10

icedid 1217670233 banker core_loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1217670233bankercore_loadercore_payloadtrojan

behavioral2

icedid1217670233bankercore_loadercore_payloadtrojan

behavioral3

icedid1217670233bankercore_loadertrojan

behavioral4

icedid1217670233bankercore_loadertrojan