icedid | 815df99c15d3431db3e018aad2827a816d078063fa75da842c30efff6bf08e63 | Triage

Sharing

General

Target

JaffaCakes118_815df99c15d3431db3e018aad2827a816d078063fa75da842c30efff6bf08e63
Size

924KB
Sample

241222-dc3w6a1kfr
MD5

f594e5e5fe61c353afa9389612788de9
SHA1

b9e12806da1a4a495f6c39ce14d3a44cb07703fb
SHA256

815df99c15d3431db3e018aad2827a816d078063fa75da842c30efff6bf08e63
SHA512

05824b27de666cf5dce2b365a151d42e77f4c4903acf98812936735b92ed9033eb009cbbd392d6d49349a21b1a98b53eef5db1f677bdc0288219a31ca2e50a40
SSDEEP

24576:TnaT/XRIUjl7nIjvk3FfAyzElA07q5H7WXfBSZaX2:uTPqUjl7nIRy707qdcBS4m

Score

10^/10

icedid 1101171172 banker loader trojan

Malware Config

Extracted

Family

icedid

Campaign

1101171172

C2

hdtrenity.com

Targets

- Target
  
  data.dll
- Size
  
  858KB
- MD5
  
  42e3f49a018eb5a0ee676a62578da12d
- SHA1
  
  e116e28febd7c616096ddd555fbe50ca8a695bde
- SHA256
  
  3851aba3f60e2072e8f212cdf2f9aad9ac7c3b12073ddf4a1d278942791ed5aa
- SHA512
  
  ae2164e0313934843cf1d8556998dd143807114afc4e1844ad80c031cb140d37b652f8dd125831306e2dfeb3bb2b201bff4efc9059ea4d989c96b0b79b7df800
- SSDEEP
  
  24576:knaT/XRIUjl7nIjvk3FfAyzElA07q5H7WXfBSZaX2:JTPqUjl7nIRy707qdcBS4m
Score

10^/10

icedid 1101171172 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
behavioral1 behavioral2
- Target
  
  documents.lnk
- Size
  
  2KB
- MD5
  
  c754f3d9cdca9c58f7b9d0a486e4d388
- SHA1
  
  078f05b78e7a83ab17d9b35edf195c10f0d5750c
- SHA256
  
  a689b27afa67609b9b73465c47f927a12c470b32d8a340552d5f85499501a757
- SHA512
  
  cc4af4a8994da26f6daacf1243bb85df0995eccb90159df66e94af0e4e9fd3df401e35a57254efe9bc10a45867dbbdcb3335391f4d5da8b2dcfbe31980e23ebf
Score

10^/10

icedid 1101171172 banker loader trojan
- IcedID, BokBot
  IcedID is a banking trojan capable of stealing credentials.
  trojan banker icedid
- Icedid family
  icedid
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

icedid1101171172bankerloadertrojan

behavioral2

icedid1101171172bankerloadertrojan

behavioral3

icedid1101171172bankerloadertrojan

behavioral4

icedid1101171172bankerloadertrojan